Bug Bounty Tip
When you find /sitemap.xml, check if it can handle the `offset=2` param.
If the content changes, this may be a dynamically generated sitemap, which could potentially be vulnerable to SQL injection.
// 3 sec sleep
?offset=2;SELECT IF((2>1),SLEEP(3),4)#
Cheers!