Admin Panel Exploit to Access Logitech Dashboard


aman singh

Hi everyone, after a long time, I’m back with another interesting write-up. I didn’t hunt on a single application this year due to some problems; I hope everything gets well soon. So, let’s dive in without wasting any time!

Two years ago, I was randomly hunting on the Logitech program, which had a wide scope and was well-tested, with over 1,000 resolved reports. I knew that I would probably not find anything, but I tried my luck anyway.

I’m not a recon expert, but since the program had a wide scope (e.g., *.logitech.com), I decided to enumerate all the subdomains using tools like Subfinder and Amass. Unfortunately, I didn't get any promising results.

So, I turned to Shodan and found an interesting IP with a login panel. The domain name of the IP address was ‘something.logitech.com’. Initially, I tried default credentials like test:test, admin:admin, admin:password, and others, but none worked. Next, I attempted SQL injection payloads, such as boolean-based and error-based injections, but those also failed.

I tried all the methods I knew, but unfortunately, I didn’t get anything. After spending 4 hours, I decided to try one last thing.

I randomly entered a string in both the username and password fields, captured the request using Burp Suite, and sent it to the Repeater. When I clicked the send button in the Repeater, I received an interesting 200 OK response: ‘username is not correct.’ This led me to suspect that the site was validating only the username, instead of returning a generic error like ‘username and password are not correct.’ To test this, I removed the username value from the body and sent the request again, changing

{"username": "test", "password": "test", "csrf": "token"}

to

{"username": "", "password": "test", "csrf": "token"}

This time I received a 302 redirect instead of 200 OK. Following the redirect took me to the admin panel dashboard, where I found 1 million data records. We know that Logitech is a big company, so having 1 million user records is normal for them.
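To make the root cause concrete, here is an added example (not code from the write-up or from Logitech) that models a login handler with the flaw described above beside a hardened version. The user store, password hashing scheme and route names are constructed assumptions; the point is that the vulnerable handler only rejects a known-bad username and never checks the password, so an empty username falls straight through to success, while the fixed handler requires both fields, verifies the password in constant time, and returns one generic error for every failure.

```python
import hashlib
import hmac

# Constructed demo user store: salted PBKDF2 hashes (an assumption, not the site's scheme).
_SALT = b"demo-salt"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _hash("correct horse battery staple")}


def login_vulnerable(body: dict) -> tuple[int, str]:
    """Models the behaviour observed in the write-up: only the username is
    validated, and an empty username skips that validation entirely."""
    username = body.get("username", "")
    if username and username not in USERS:
        return 200, "username is not correct"
    # Password is never checked; empty username reaches the dashboard redirect.
    return 302, "/admin/dashboard"


def login_fixed(body: dict) -> tuple[int, str]:
    """Hardened handler: both fields are required, the password is verified
    with a constant-time comparison, and every failure gets the same message."""
    username = body.get("username")
    password = body.get("password")
    if (not isinstance(username, str) or not isinstance(password, str)
            or not username.strip() or not password):
        return 400, "username and password are required"
    stored = USERS.get(username)
    # Hash even for unknown users so response time does not reveal valid usernames.
    candidate = _hash(password)
    if stored is None or not hmac.compare_digest(stored, candidate):
        return 401, "invalid username or password"
    return 302, "/admin/dashboard"
```

The fixed handler also avoids the "username is not correct" message itself, since a per-field error tells a caller which usernames exist before any password is checked.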

After I reported the bug, they triaged my report on the same day and resolved it within a week.

Thank you, guys. I hope you enjoyed my write-up.

Tip:- Hunt like an Eagle
