“500" Internal Server Bypass Everything Will Be “200" Okay

10 months ago 85
BOOK THIS SPACE FOR AD
ARTICLE AD

Pushkar Bhagat

Hello, Pushkar here I just want to share my crazy experience regarding the sensitive data exposure bug at one of the mailing service.

After office hours, I engaged in a testing session and ran “ffuf” on the target. I encountered several 403 errors, except for one that returned a 500 error. Sensing something suspicious, I decided to investigate further. Spending a couple of hours playing with the request, I discovered a new bypass by altering the encoding. This allowed me to successfully bypass the 500 Internal Server Error, obtaining a 200 OK response and accessing potentially valuable information.

Normal request with 500 error for noobs and humans.

Thats how you should think when you pentest or hunting on bug bounty programs .

:P

Happy hacking.!

Follow me on linkedin : Pushkar

Read Entire Article