How I found a P1 bug in just 40 minutes

1 week ago 13

BOOK THIS SPACE FOR AD

ARTICLE AD

Today I will tell How I found a P1 bug in just 40 minutes and How you could found this

I will also show this bug live in this article

## Requirements

Tufflehog

This is a tool which file sensitive information from a website like JWT tokens api key and other base encode keys

You just have come back on medium.com

you will notice this is poping a alert saying there is an apikey

like this

Found a apikey

Once you will get this pop copy the api key and open the view source of page by pressing control + U and match the following api key in the page

Once you notice you will find this is a algolia api key once you found this

"algolia":{"appId":"MQ57UUUQZ2","apiKeySearch":"394474ced050e3911ae2249ecc774921",

we need a curl command to curl the request to see the permission this api key as so for this here is curl command

curl 'https://APPID-dsn.algolia.net/1/keys/APIKEY?x-algolia-application-id=APPID&x-algolia-api-key=APIKEY'

after put all appid and apikey you will notice the curl command be like

curl 'https://MQ57UUUQZ2-dsn.algolia.net/1/keys/394474ced050e3911ae2249ecc774921?x-algolia-application-id=MQ57UUUQZ2&x-algolia-api-key=394474ced050e3911ae2249ecc774921'

and once you got this just run the command you will notice that the key has only permission for search like this

{
"value": "394474ced050e3911ae2249ecc774921",
"createdAt": 1487980286,
"acl": ["search"],
"validity": 0,
"indexes": ["medium_*"],
"description": "Medium.com search-only API key 02/24/2017"
}

that mean this api key is just for search this is not vulnerable but if a api key has other information like in my target

P1 Bug

it has all permission this can create an index delete it and even can change settings so this will be P1 but in some it can be P2 depending on impact

if found this you can report it

Thanks you !!

Hope you understand it

Read Entire Article