After a long time, guys, I am writing this to let you all know how an out-of-scope bug became accepted in one of my submissions.
Recently I started hacking on one of the programs I found by dorking. Let's name the program or target redacted.com.
It was not very hard, just a few steps and the thing was done. I first started to check the website manually by testing some parameters, for example search, query and other parameters, for potential bugs like XSS and other stuff.
Since I did not find any of these, I found two things: the Login/SignUp functions. The next thing I tried was to sign up on that site. Upon entering a phone number, a 6-digit OTP was sent to it. When the OTP was correct, an auth_token was generated in the response. I copied that auth_token, which looked something like this:
The next thing I did was to copy this whole thing and then drop the request. Again I used any random number and, while entering the OTP, I put in any random 6 digits and pasted the auth_token into the response, and boom, without any authorization I was in.
Thus I confirmed that a single auth_token can be used to validate as many accounts as you want. I noted this, quickly made a PoC and emailed it to the company. After two days I received the first mail, saying that this bug is indeed not a bug and they were sorry to inform me that there is no bounty for this report. I lost hope, but after some time, on the same day, I received another email from them where they stated the following:
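The root cause in the flow described above is that the server treated any auth_token it had ever issued as valid for whichever phone number the client was signing up with, so a token obtained once could be replayed for any other account. The following is an added example, not code from the original post or from the target, showing one way a service can close that gap: the OTP is checked on the server against what it actually sent, and the token it mints is HMAC-signed over the phone number it was issued for, so every later check compares the bound phone with the account being accessed. The secret, phone numbers and TTLs are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed demo secret; a real service loads this from a secret store and rotates it.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
TOKEN_TTL_SECONDS = 15 * 60
OTP_TTL_SECONDS = 5 * 60
MAX_OTP_ATTEMPTS = 5

# Server-side OTP state: phone -> {"otp": str, "expires": float, "attempts": int}
_pending_otps: dict = {}


def send_otp(phone: str, now: Optional[float] = None) -> str:
    """Generate a 6-digit OTP for `phone` and remember it server-side.
    The OTP is returned only so the demo can stand in for the SMS channel;
    a real server never puts it in the HTTP response."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"
    _pending_otps[phone] = {"otp": otp, "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return otp


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def issue_bound_token(phone: str, now: Optional[float] = None) -> str:
    """Mint an auth_token that records which phone number it belongs to.
    The HMAC over the payload stops a client from editing the phone field."""
    now = time.time() if now is None else now
    payload = json.dumps(
        {"phone": phone, "exp": now + TOKEN_TTL_SECONDS, "nonce": secrets.token_hex(8)},
        sort_keys=True,
    ).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def verify_otp(phone: str, submitted_otp: str, now: Optional[float] = None) -> Optional[str]:
    """Server-side OTP check: a token is issued only when the OTP the server
    itself sent to `phone` matches. Returns None on any failure."""
    now = time.time() if now is None else now
    entry = _pending_otps.get(phone)
    if entry is None or now > entry["expires"]:
        _pending_otps.pop(phone, None)
        return None
    entry["attempts"] += 1
    if entry["attempts"] > MAX_OTP_ATTEMPTS:
        _pending_otps.pop(phone, None)
        return None
    if not hmac.compare_digest(entry["otp"], submitted_otp):
        return None
    del _pending_otps[phone]  # an OTP is single use
    return issue_bound_token(phone, now)


def verify_token_for(token: str, claimed_phone: str, now: Optional[float] = None) -> bool:
    """What every authenticated endpoint must do: check the signature, the expiry,
    and that the token was issued for the account being accessed. A token minted
    for one phone number is rejected for any other."""
    now = time.time() if now is None else now
    try:
        encoded, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except (ValueError, TypeError):
        return False
    if not hmac.compare_digest(_sign(payload), sig):
        return False
    data = json.loads(payload)
    if now > data["exp"]:
        return False
    return hmac.compare_digest(data["phone"], claimed_phone)


def demo() -> dict:
    """Replay the scenario from the write-up: a legitimately obtained token
    presented for a second, constructed phone number."""
    otp_a = send_otp("+10000000001")  # constructed phone numbers
    token_a = verify_otp("+10000000001", otp_a)
    otp_b = send_otp("+10000000002")
    wrong_otp = "000000" if otp_b != "000000" else "000001"
    tampered = token_a[:-1] + ("0" if token_a[-1] != "0" else "1")
    return {
        "wrong_otp_rejected": verify_otp("+10000000002", wrong_otp) is None,
        "own_account_ok": verify_token_for(token_a, "+10000000001"),
        "replay_on_other_account": verify_token_for(token_a, "+10000000002"),
        "tampered_token_rejected": not verify_token_for(tampered, "+10000000001"),
    }


if __name__ == "__main__":
    print(demo())
```

The key line is the final comparison in verify_token_for: whether the token is valid at all is a separate question from whether it is valid for this account, and the second check is the one that was missing in the flow above. Binding the token server-side also means nothing the client edits in the response can change which account the token unlocks.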
And thus this came to a conclusion: whenever you are trying to exploit a bug and making a PoC, try to show the maximum impact of the bug. Sometimes companies want to see something that is new and interesting. With this I am concluding.
Follow me for more
LinkedIn: https://www.linkedin.com/in/akash-suman-7b95572a1/
Twitter: https://x.com/CyberGhostOps
If you are looking to collab, my DMs are always open. Hope you all have a great day!!!