BOOK THIS SPACE FOR AD
ARTICLE ADHello Hunters,
This is my second blog, Today I will share a write-up about how I was able to See the user sensitive information on a Private Program on BugCrowd.
Before reading this report go check out my first report.
I can't disclose the program name so assume it as www.examle.com
I was Testing for XSS on this website so I started testing on different parameters.So what I did is open my burp capture the request and spider the host, I saw many parameters over there.Testing on the huge parameter will actually take a lot of time so I tested on 10–12 parameters but no results for me.So next I try to do a store XSS on first name and last field, but I was not able to write the script on first and last name, So what I did is capture the request in burp and change the first name and last name and dang my script was stored but unfortunately, the script is not getting executed.So i thought to send the capture request of first name and last name to intruder and I just select those parameters.So I have a payload list I just fire the payload list.Dang I see my Payloads are getting executed with 200 response and a huge number of length.So I just sort the length and check the response for the highest length. But still I was not able to get any XSS pop upI was checking each response but no results.Suddenly I saw the URL on the browser it is like https://something/api/xyz18/idI was able to see my user id number specified to me over there. I found something Juicy over there so I just change the I’d up down andBINGO
12. I was able to see other user data which can be easily used by an attacker to scam user
What I did is checking more Id no. didn’t dig much on user information. Reported the report to bugcrowd got positive response from them.
My first P1 level bug.
What we learn:
We should check everything even small small things sometimes the bug is Infront of our eyes but we never notice on small points.
I hope you like this post.
#BugBounty #Cybersecurity #Hacking #Hunting #Secure #KeepHacking