Recon Harder or How I Found a Hidden Blind SQLi

Found an interesting open port with naabu, inspected JS files, and discovered an interesting API endpoint.

After some fuzzing and rebuilding the requests I found in the JS files, I reported an IDOR and this time-based SQLi [1]:

[Image: simple sqli poc]

[1] yep, plain curl, because you don’t always need burp :)