.png)
1 week ago
17 BOOK THIS SPACE FOR AD
ARTICLE ADHello,
it is me again, Ahmed Tarek :)
Today I would like to share with about a simple but effective discovery I made using fuzzing. so, So let’s get started! 😉
So I was testing the target let say target.com . On one of the subdomain I saw a default SMS Service page that they were using. That got me thinking: what if I fuzz for endpoints?
I fuzz the subdomain with FFuF using this seclist
Ffuf is a web fuzzing tool written in the Go language which is very fast and recursive in nature. It works similar to Wfuzz but in contrast it is recursive. Ffuf also works by replacing the x` with worldlist values.
the command was
$ ffuf -w fuzz.txt -u https://sms-express.target.com/fuzz.txt -mc 200 -ac -recursionI got one of the endpoint’s status code 200 and the endpoint was .gitignore.swp.
I open the url in browser with the endpoint https://sms-express.target.com/.gitignore.swp and one file was downloaded.
Inside were paths to more sensitive directories.
I immediately reported the bug and got $30 bounty
Thanks for reading!
you can follow me on social media to see more Write-Ups
Bengali (Bangladesh) · 
English (United States) ·