Hi,

Today I will tell you how I found a P1 bug in just 40 minutes and how you could find one too.
I will also show this bug live in this article.
## Requirements
Trufflehog: this is a tool which finds sensitive information on a website, like JWT tokens, API keys and other encoded keys.
Now just come back to medium.com. You will notice it pops up an alert saying there is an API key, like this:

[Screenshot: found an API key]

Once you get this pop-up, copy the API key, open the page source by pressing Control + U, and look for the matching API key in the page. You will find that this is an Algolia API key:

```
"algolia":{"appId":"MQ57UUUQZ2","apiKeySearch":"394474ced050e3911ae2249ecc774921",
```

Once you have found this, we need a curl command to send a request and see what permissions this API key has. Here is the curl command:

```
curl 'https://APPID-dsn.algolia.net/1/keys/APIKEY?x-algolia-application-id=APPID&x-algolia-api-key=APIKEY'
```

After you put in the app ID and the API key, the curl command will look like this:

```
curl 'https://MQ57UUUQZ2-dsn.algolia.net/1/keys/394474ced050e3911ae2249ecc774921?x-algolia-application-id=MQ57UUUQZ2&x-algolia-api-key=394474ced050e3911ae2249ecc774921'
```

Run the command and you will notice that the key only has permission for search, like this:
```
{
  "value": "394474ced050e3911ae2249ecc774921",
  "createdAt": 1487980286,
  "acl": ["search"],
  "validity": 0,
  "indexes": ["medium_*"],
  "description": "Medium.com search-only API key 02/24/2017"
}
```
That means this API key is only for search, so it is not vulnerable. But if an API key has other permissions, as on my target, where it had all permissions, it can create an index, delete it and even change settings. That will be a P1, though in some cases it can be a P2 depending on impact.

If you find this, you can report it.
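
The permission check described above, as an added example that is not part of the original article: a small Python triage of the key-info response that separates a search-only key from one that can change data or settings. The ACL grouping, the verdict labels and the second sample response are assumptions of this example; the first sample is the response shown above.

```python
import json

# Algolia ACL names grouped by what an exposed key would allow.
# The grouping and the verdict labels are assumptions of this example.
WRITE_ACLS = {"addObject", "deleteObject", "deleteIndex", "editSettings"}
READ_ACLS = {"browse", "settings", "listIndexes", "logs", "analytics",
             "seeUnretrievableAttributes"}

# Response shown in the article for Medium's search key.
PAGE_RESPONSE = """{"value": "394474ced050e3911ae2249ecc774921",
 "createdAt": 1487980286, "acl": ["search"], "validity": 0,
 "indexes": ["medium_*"],
 "description": "Medium.com search-only API key 02/24/2017"}"""

# Constructed response for an over-privileged key (placeholder values).
CONSTRUCTED_RESPONSE = """{"value": "EXAMPLE_KEY", "createdAt": 0,
 "acl": ["search", "addObject", "deleteIndex", "editSettings"],
 "validity": 0, "indexes": [], "description": "constructed sample"}"""


def audit_key(response_text):
    """Classify a key from the JSON body returned by /1/keys/<key>."""
    info = json.loads(response_text)
    acl = set(info.get("acl", []))
    write = sorted(acl & WRITE_ACLS)
    read = sorted(acl & READ_ACLS)
    unknown = sorted(acl - WRITE_ACLS - READ_ACLS - {"search"})
    if write:
        verdict = "over-privileged: can modify data or settings"
    elif read or unknown:
        verdict = "review: more than search"
    else:
        verdict = "search-only"
    return {
        "verdict": verdict,
        "write_acl": write,
        "read_acl": read,
        "unknown_acl": unknown,
        # An empty "indexes" list means the key is not limited to any index.
        "all_indexes": not info.get("indexes"),
        # validity 0 means the key has no expiry.
        "never_expires": info.get("validity", 0) == 0,
    }


if __name__ == "__main__":
    for name, body in (("page", PAGE_RESPONSE), ("constructed", CONSTRUCTED_RESPONSE)):
        print(name, audit_key(body))
```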
Thank you!!
Hope you understood it.