From Hobby to Hacking


Muhammad Syahrul Haniawan

Hello, my name is Muhammad Syahrul Haniawan. I am from Indonesia and this is my first write-up on Medium.com. I’ll tell you a little about the experience I had and my first bug bounty.

Have you ever thought that having a paid hobby is very fun? xD. I have an interest in Japanese culture, especially anime and manga. At that time I was just reading news about Japanese culture on one of the biggest Japanese news websites in Indonesia. Because this is a private bug bounty program, we will call the website redacted.com.

OK, let’s go…

That day I was very surprised to hear the news that my idol actress Yui Aragaki announced her marriage to a Japanese actor. I immediately looked for articles about it and found a website that I used to frequent to read news about Japan.

At first I had no intention of trying to test the security of the website, but I found something that caught my attention: yes … the plugins in use relied on an older version of jQuery, 3.4.1, which was released in 2019.

[Image: jQuery version]

I fuzzed the directories on the main domain and didn’t get a good entry point. After that I found subdomain.redacted.com. I just did directory recon by viewing the page source of the main page xD. I found a suspicious directory called jquery-fileupload there hehe…

I remember reading an article related to jquery-fileupload on this site https://blog.detectify.com/2018/12/13/jquery-file-upload-a-tale-of-three-vulnerabilities/ .

Let’s try that!

I went to https://subdomain.redacted.com/jquery-fileupload/server/php and found the entry point, which showed “files[]”. HMMMMMM…… I made a simple CSRF to try this entry point for uploading a webshell.

[Image: entry point]

[Image: CSRF result]

WOW, we can see the response here. It does show an error message, but I think my webshell uploaded successfully. “How do we know the directory of the files?” That’s simple, just add one more directory, “/files/”. And boom….. it really happened xD.

I immediately reported this to the website developer, and they responded quickly. I was awarded an internship at the company for 1 month and got a certificate of appreciation.
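For site owners who want to check their own servers for the layout described above (a `server/php` upload handler with a `files/` directory next to it), here is an added audit sketch that is not part of the original write-up. The function names, the extension list and the sample tree are assumptions made for illustration; it flags any `server/php` directory under the webroot, whatever the parent folder is called.

```python
import os

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
SCRIPT_EXTS = {"php", "php5", "phtml", "phar", "pht"}

def risky_name(name):
    """True if any dot-separated part after the first is a script extension.
    Also flags double extensions such as avatar.php.png."""
    return any(part in SCRIPT_EXTS for part in name.lower().split(".")[1:])

def audit_upload_dirs(webroot):
    """Find every .../server/php handler directory under webroot and list
    script-like files stored in its files/ upload directory."""
    findings = []
    for dirpath, _dirs, _files in os.walk(webroot):
        parent = os.path.basename(os.path.dirname(dirpath))
        if os.path.basename(dirpath) != "php" or parent != "server":
            continue
        upload_dir = os.path.join(dirpath, "files")
        scripts = []
        for sub, _d, names in os.walk(upload_dir):
            for n in names:
                if risky_name(n):
                    rel = os.path.relpath(os.path.join(sub, n), webroot)
                    scripts.append(rel.replace(os.sep, "/"))
        findings.append({
            "handler": os.path.relpath(dirpath, webroot).replace(os.sep, "/"),
            "files_dir_present": os.path.isdir(upload_dir),
            "scripts": sorted(scripts),
        })
    return findings

def build_sample_tree(root):
    """Constructed sample webroot, for demonstration only."""
    up = os.path.join(root, "jquery-fileupload", "server", "php", "files")
    os.makedirs(os.path.join(up, "thumbnail"))
    for name in ("photo.jpg", "notes.PHP", "avatar.php.png", "thumbnail/photo.jpg"):
        open(os.path.join(up, name), "w").close()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in audit_upload_dirs(root):
            print(finding)
```

Any handler reported here is worth reviewing even when its `scripts` list is empty, since the finding itself means a sample upload endpoint is sitting inside the webroot.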

That’s all for my write-up about my hobby and hacking xixixi… See you next time guys, and I hope you enjoyed it.

CONTACT :

Linkedin : https://www.linkedin.com/in/msyahrulh/

TIMELINE :

Found the bug : 10 July 2021

Report : 11 July 2021

Rewarded : 12 July 2021