LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

$$$ Bounty for PII disclosure through API

1 month ago 19
BOOK THIS SPACE FOR AD
ARTICLE AD

Raunak Gupta Aka Biscuit

OSINT Team

Free Article Link: Here!!!

Soo I was casually poking around an app, hoping to uncover some juicy bugs. You know, the usual hacker grind. I stumbled upon their API responses, and to my delight, the data was as secure as a leaky faucet. Personal info like user IDs and access tokens were just chilling there, waiting to be taken.

How I Discovered

I thought, “No way it’s this easy,” but yep, it was. The app was storing sensitive user info in an unencrypted format in the cloud. I mean, who needs encryption in 2024, right? Even worse, these cloud databases could be accessed directly if you knew where to look, which I *definitely* did. You don’t have to ask twice!

The finishing move

To confirm my findings, I pulled out some basic API requests, added a sprinkle of user enumeration, and BAM — user data served on a silver platter. I…

Read Entire Article
  3. $$$ Bounty for PII disclosure through API

Related

Methods to bypass 403 & 401

Methods to bypass 403 & 401

How did I extract the API key in less than half an hour? my story with it

How did I extract the API key in less than half an hour? my story with it

How I Discovered an Email Change Vulnerability Leading to Pre-Account Takeover | p2

How I Discovered an Email Change Vulnerability Leading to Pre-Account Takeover | p2

Vulnerable WordPress October 2024 (Zahhak Castle)

Vulnerable WordPress October 2024 (Zahhak Castle)

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Chinese Hackers Target Linux with WolfsBane Malware

Chinese Hackers Target Linux with WolfsBane Malware

Trending

1. Man City vs Tottenham
2. Fahad Ahmad
3. Imtiaz Jaleel Election Result 2024
4. Leicester City vs Chelsea
5. Premier League
6. IPL Auction
7. Hemant Soren
8. Ajit Pawar
9. Aditya Thackeray
10. Wayanad Election Result

Popular

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved