Hello Cybersecurity Researchers :),

I am here with an interesting write-up for you all.

Let me introduce myself first: my name is Sanjaykumar, and I am a Cybersecurity Researcher😎.

I have found many vulnerabilities in different programs and received bounties and swag as well. But this is my first write-up, and I am excited to share my experience with you all.

In this write-up, I will share the experience of one of my P2 findings, which I found recently.

Let's consider the target site as target.com. Like all researchers, I usually start with target information gathering and some manual reconnaissance. I tried to find SQL injection, XSS, CSRF, and some known vulnerabilities, but I didn’t find any of those in target.com😒. So, I focused on some low-hanging fruit. I usually run Burp Suite as a proxy interceptor for target.com. When I went to the HTTP history and tried some filters like (apikey, config, admin), wait! I found a URL called “https://target.com/config.json”. Then, I forwarded the particular request to the repeater, and I observed the response.

OMG!!😲 I was surprised to find that target.com had publicly leaked some sensitive internal information in the response. The information was whitelisted IP addresses for accessing SFTP. You can have a look at the below screenshot.

[Screenshot: config.json]

Afterward, I conducted some information gathering on those IP addresses using Shodan and some lookups, but it was of no use. However, as per the program guidelines, I don’t need to access or exploit it. So, I moved forward to report the issue with the impact mentioned below.

IMPACT:

As an attacker, I found a whitelisted IP address and some information about that IP address. Next, I may try to spoof that IP address and access the SFTP to perform some unauthorized actions.

I reported this vulnerability to the company as a P4 (low) vulnerability, but the company changed it to a P2 (High) severity vulnerability. They rewarded me with a point and a place in their hall of fame.
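
A defender-side check for the exposure described above, as an added example that is not part of the original write-up: it walks a JSON config that is about to be served publicly and flags IP addresses or CIDR ranges and sensitive-looking key names. The hint list beyond the three filters named in the write-up, the function names and the sample document are assumptions made for this example.

```python
import ipaddress
import json
import re

# Key-name hints: the first three are the proxy-history filters named in the
# write-up; the rest are assumptions added for this example.
SENSITIVE_KEY_HINTS = ("apikey", "config", "admin",
                       "whitelist", "allowlist", "sftp", "secret")

# Candidate IPv4 address, optionally followed by a CIDR prefix length.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?\b")

def _ip_findings(path, text):
    out = []
    for cand in IPV4_RE.findall(text):
        try:
            ipaddress.ip_network(cand, strict=False)
        except ValueError:
            continue  # looked like an address but is not one (octet > 255, /33, ...)
        out.append((path, "ip-address", cand))
    return out

def audit(node, path="$"):
    """Walk parsed JSON and return (json_path, kind, detail) findings."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            norm = key.lower().replace("_", "").replace("-", "")
            if any(hint in norm for hint in SENSITIVE_KEY_HINTS):
                findings.append((child, "sensitive-key", key))
            findings += audit(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += audit(item, f"{path}[{i}]")
    elif isinstance(node, str):
        findings += _ip_findings(path, node)
    return findings

# Constructed sample, not the real file; addresses are RFC 5737 documentation ranges.
SAMPLE = json.loads("""
{"appName": "portal", "version": "4.12.0",
 "sftp": {"allowed_ips": ["192.0.2.10", "198.51.100.0/24"]},
 "theme": "dark"}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against every JSON file in the web root as a pre-deployment gate, a non-empty result is a prompt to move that data server-side or put the file behind authentication.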

Remember, even low-hanging fruit can lead to juicy findings, and that’s the story! Thanks for reading, folks.

With that, I’ll sign off. Until next time, fellow researchers, happy hunting!!!

Follow me here and on LinkedIn, and let’s explore the world of cybersecurity together!

LinkedIn: Sanjaykumar D. S
