From Broken Code to SQL Showdown: How I Found Critical Blind Injection
Summary
The writer explains a story of finding a critical blind injection while debugging their life.
The process started by discovering a suspicious endpoint on the target application.
The writer then conducted mass reconnaissance to identify other live endpoints, using tools such as assetfinder, subfinder, findomain, and katana, among others.
Among the discovered endpoints, the writer found a login page that looked suspiciously simple, only containing two input fields named “j_username” and “j_password”.
The writer captured the login request in Burp and started analyzing it.
After some caffeine-fueled hours, the writer discovered and demonstrated a blind SQL injection.
This was a meaningful breakthrough after a period of job rejection and bad luck.
The writer concludes by demonstrating the process and encouraging others to take an interest in such pursuits. A screenshot of the story is also provided for reference.
The link to the original story is provided as well.