A Story of API Key Leak in Page Source, Exploitation, Duplicate and Bounty.

11 months ago

Mohit Kumar

Hello everyone! This is me, Mohit Kumar, again. Apologies, I was a little late writing this second article. Today I will tell you how I was able to find an API key in page source, and then how I exploited it. Though it was marked as a duplicate, the program still rewarded me. Thanks to Intigriti.com and the program.

I was hunting on Intigriti.com and I got a private invitation. After accepting it I started hunting on the target. First I did what we all do: I started enumerating subdomains. I use subfinder, a tool by Project Discovery. After collecting all the subdomains I started looking at each one manually, and that is when I found a Mailchimp API key in the page source.

Now the real thing starts.

POC:-

1. Found the subdomain https://subdomain.target.com and opened it in the browser.
2. Went to the page source, used Ctrl+F and searched for "api key" or "key".
3. Found a Mailchimp API key.
4. Found a GitHub repo (keyhacks) where lots of API key exploitation steps are written, but I wanted to try something new and different, and I found two more ways (WordPress and Postman).
API Key found in Page Source
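The manual Ctrl+F search above is exactly what a secret scanner automates. The following is an added example, not code from the original write-up: a small Python scanner that runs over page source and reports Mailchimp-shaped keys (32 hex characters followed by a data-center suffix such as -us8) with the secret redacted, so a defender can audit their own front-end assets before an attacker does. The sample HTML and the key inside it are constructed for the example; the regex encodes only the key shape the article itself shows.

```python
import re
from typing import Dict, List

# Mailchimp API keys have the shape <32 hex chars>-<data center>, e.g. "...-us8".
# The suffix after the dash is the data center (dc) that the API base URL uses.
MAILCHIMP_KEY_RE = re.compile(r"\b([0-9a-f]{32})-(us\d{1,2})\b")

# Constructed sample page source (not taken from the original article): a script
# block that embeds a Mailchimp key the way a leaky front-end might.
SAMPLE_PAGE_SOURCE = """
<html><head><script>
var mcConfig = {
  apiKey: "0123456789abcdef0123456789abcdef-us8",
  listId: "a1b2c3d4e5"
};
</script></head>
<body><p>Newsletter signup</p>
<!-- NOT a key: deadbeef -->
</body></html>
"""


def redact(secret: str) -> str:
    """Keep just enough of the secret to recognise it in a report without reproducing it."""
    return secret[:4] + "..." + secret[-4:]


def find_mailchimp_keys(source: str) -> List[Dict[str, object]]:
    """Scan page source line by line and return one finding per Mailchimp-shaped key."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in MAILCHIMP_KEY_RE.finditer(line):
            secret, dc = match.group(1), match.group(2)
            findings.append({
                "line": lineno,
                "dc": dc,
                # The dc suffix is what turns the key into a concrete API endpoint.
                "api_base": f"https://{dc}.api.mailchimp.com/3.0/",
                "redacted_key": redact(secret),
            })
    return findings


if __name__ == "__main__":
    for finding in find_mailchimp_keys(SAMPLE_PAGE_SOURCE):
        print(f"line {finding['line']}: Mailchimp key {finding['redacted_key']} "
              f"(dc={finding['dc']}, base={finding['api_base']})")
```

Running this over a crawl of your own subdomains (or as a pre-commit hook on front-end bundles) flags keys before they ship; any hit should be treated as compromised and rotated, since page source is public by definition.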

Let's move to the next step.

For WordPress:
1. You need a WordPress site; go to its admin panel.
2. Open Plugins and install the Mailchimp for WordPress plugin.
3. After the installation, go to the plugin settings and paste the Mailchimp API key you found.
Ex :- mailchimpAPIkey-us8 in the API key box
4. It will connect without any further authorization.
5. Once the API is connected you can see the list name, list ID, and number of subscribers.

Mail-chimp API key PII data exposed through WordPress

For connecting your Mailchimp API key to WordPress you can search on YouTube; there are lots of tutorials available and it is very easy.

For Postman:

(It's a long article, so I am copying and pasting my POC instead of editing the sentences.)

Download Postman for Windows or Linux from the official source.
Install and open it.

Let's test that we can connect to the Mailchimp API and get a successful response by sending a GET request to the base URL. I'll be using Postman to test all the routes.
Replace the <dc> in the base URL with your data center, which is the suffix after the dash in the API key. I will use us8 (dc), so the URL will look like this:

https://us8.api.mailchimp.com/3.0/

You'll also need to use the API key to access the API. In Postman, under the Authorization tab, choose Basic Auth. Under username you can put any string (the Mailchimp docs suggest using anystring). The password should be the API key. I will use the first API key (the Mailchimp API key).

Once you click the Send button in Postman you will get a response in which you can see PII data.

PII data Exposed through Postman

Impact:

Anyone can see PII data such as account ID, login ID, address, bounce rate, etc., which should not be public. Also, without authorization I could add the Mailchimp API key to my own WordPress site and use it in a malicious way.

Intigriti first closed my report as informative, so I requested them to review it again.

They accepted it and apologised for the same. They asked me to send the exploitation as a curl request.

Informative to Triage

For Curl:

As I mentioned, from the keyhacks GitHub link I found how to exploit the Mailchimp API key through curl:

curl --request GET --url 'https://<dc>.api.mailchimp.com/3.0/' --user 'anystring:<API_KEY>' --include

Curl Mailchimp API PII data exposed

After that the program got involved in the report. They set it back to informative, then to duplicate, and gave me a bonus of a good amount of Euros.

Getting Rewarded for Duplicate security bug

For two days my heart was beating so fast, and I was also a little nervous.

Condition of me at that time LOL

I hope you liked my article. Keep learning. Stay tuned for the next article.

If you have any suggestions or doubts, please connect with me on LinkedIn.

https://www.linkedin.com/in/mohit-kumar-4ab6b3bb/

Thank you for your valuable time.

Take care, bye.
