Behind the Firewall: My First Valid Bug — Exposing Security Flaw in a multi-dollar Financial and…


Mohaseen

Greetings, everyone!

Thank you for returning to follow another of my write-ups. This is my last write-up of 2023 and could be the last of my BB journey. In today’s discussion, we will dive into a vulnerability. Specifically, I will be detailing how I identified and accessed the company login page via its origin IP and was able to bypass the rate limit on the admin panel by bypassing the WAF (web application firewall). Let’s name the target redacted.com. Without further delay, let us navigate through the intricacies of this discovery.

As usual, let’s have a small introduction about me:

My name is Mohaseen, I’m a cyber security enthusiast and a bug bounty hunter. I have been learning about bug bounty and web application hacking since 2019. And I love what I do.

Now let’s understand the bug.

The target is a multi-billion-dollar American bank holding company and multinational financial services corporation that specializes in payment cards. Most of you have probably heard of it, and a lot of people use their services.

In my routine reconnaissance of the site, I started by listing out subdomains using my own bash script. After checking the live ones (cat alive.txt) and opening all the URLs with a multi-URL extension in Firefox, I encountered various HTTP status codes like 404, 200, and 403. In this process, one subdomain caught my attention, featuring an input field labeled “URL.”

Attempting Server-Side Request Forgery (SSRF) didn’t yield results. I then proceeded with directory brute-forcing and discovered an endpoint, /admin_login, which housed an admin login page. Despite trying default credentials and SQL injection, I faced roadblocks due to the Web Application Firewall (WAF) in place, specifically CloudFront.

Undeterred, I attempted to identify its origin IP. Upon discovering it, I accessed the page successfully via the origin IP. Subsequently, my attempts at brute-forcing the login page were not identified by the WAF.

Voila! I found a rate limit bypass by bypassing the WAF using the origin IP.

The impact of this discovery is significant as it exposes a vulnerability in the website’s security infrastructure. Bypassing the Web Application Firewall (WAF) and accessing the admin login page via the origin IP highlights a potential weakness in the authentication and security measures. The ability to perform brute-force attacks without encountering blocks due to rate limiting raises concerns about the overall resilience of the system.
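The root cause here is an origin that answers any caller, so the WAF’s rate limit only protects the path through the CDN. As an added defensive example (not code from the original post or the affected company), the snippet below shows the two origin-side controls that close this gap: reject requests that do not carry the secret header the CDN adds when forwarding (CloudFront calls this a custom origin header), and rate-limit /admin_login at the origin itself so the WAF is not the only place the limit exists. The header name and secret value are assumed placeholders.

```python
import hmac
import time
from collections import deque

# Assumed placeholders: configure the same header/secret pair on the CDN
# distribution and on the origin. Not values from the original write-up.
CDN_SECRET_HEADER = "X-Origin-Verify"
CDN_SECRET_VALUE = "replace-with-a-long-random-value"

LOGIN_PATH = "/admin_login"
MAX_ATTEMPTS = 5       # login attempts allowed per client per window
WINDOW_SECONDS = 60


class OriginGuard:
    """Origin-side checks that hold even when a client hits the origin IP directly."""

    def __init__(self, secret=CDN_SECRET_VALUE, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.secret = secret
        self.max_attempts = max_attempts
        self.window = window
        self._attempts = {}  # client identifier -> deque of attempt timestamps

    def check(self, path, headers, socket_ip, now=None):
        """Return (status, reason); 200 means the request may proceed to the app."""
        now = time.monotonic() if now is None else now

        # 1. Prove the request came through the CDN. Constant-time compare so the
        #    secret cannot be recovered byte by byte from timing differences.
        presented = headers.get(CDN_SECRET_HEADER, "")
        if not hmac.compare_digest(presented, self.secret):
            return 403, "request did not arrive via the CDN"

        if path != LOGIN_PATH:
            return 200, "ok"

        # 2. Sliding-window rate limit on the login endpoint. X-Forwarded-For is
        #    only trusted because step 1 already proved the CDN set it; a direct
        #    client would otherwise be able to spoof it and evade the limit.
        client = headers.get("X-Forwarded-For", socket_ip).split(",")[0].strip()
        window = self._attempts.setdefault(client, deque())
        while window and now - window[0] > self.window:
            window.popleft()
        if len(window) >= self.max_attempts:
            return 429, "too many login attempts from this client"
        window.append(now)
        return 200, "ok"
```

In practice the network layer should also be restricted so only the CDN’s address ranges can reach the origin; the header check is the defence-in-depth layer for when that filtering is misconfigured.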

I made a detailed report outlining my findings and submitted it. Within 2–3 days, I received confirmation that the bug had been triaged, and about a day later I got the confirmation that my report was valid and unique. However, despite being a multi-dollar company, they only operated a Vulnerability Disclosure Program (VDP) on Bugcrowd, without providing any points or reward🥲.

This is how I got my first valid bug on Bugcrowd.
