How I Found an Easy CVE in Yamaha


Josekutty Kunnelthazhe Binu

Hello folks, I am going to share my latest finding in Yamaha.

In my free time I was playing with OSINT techniques to find interesting directories without any exact target. After some time I came across a Yamaha-owned website, and the directory was /wp-json/. After manually browsing further, I came across a file with the admin username. The path where the file existed was:

/wp-json/wp/v2/users/

I also found an admin login page, which I used to demonstrate impact to the company. An attacker will be able to brute-force the admin login page with the valid admin username.

Unfortunately they didn't have any bug bounty program, so I did a responsible disclosure and they acknowledged my finding.

CVE-2017-5487, which affects WordPress 4.7 before 4.7.1, exposes websites to information disclosure through the REST API. Remote attackers can exploit this vulnerability to retrieve sensitive information about registered users.

Unauthenticated users can access sensitive information such as the admin username.
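For site owners, the sequence described above (a user listing request followed by attempts against the login page) can be spotted in web server access logs. The following is an added example, not code from the original article: the log lines are constructed, and the function names and the threshold of three login POSTs are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-json/wp/v2/users/ HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:11:00:00 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 512 "-" "x"
198.51.100.20 - - [10/Mar/2024:11:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "x"
192.0.2.44 - - [10/Mar/2024:12:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:12:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:12:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.90 - - [10/Mar/2024:13:00:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 401 90 "-" "x"
192.0.2.90 - - [10/Mar/2024:13:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4100 "-" "x"
"""

# client IP, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_user_listing(target):
    """True if the request targets the REST users collection or a single user."""
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/")
    if path.endswith("/wp-json/wp/v2/users") or re.search(r"/wp-json/wp/v2/users/\d+$", path):
        return True
    # Without pretty permalinks, REST calls are routed through ?rest_route=
    route = parse_qs(parts.query).get("rest_route", [""])[0].rstrip("/")
    return route == "/wp/v2/users" or re.fullmatch(r"/wp/v2/users/\d+", route) is not None

def find_enum_then_login(log_text, min_logins=3):
    """Return {ip: login POST count} for clients that received a 200 from the
    users endpoint and later sent at least min_logins POSTs to wp-login.php."""
    enumerated, logins = set(), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        if method == "GET" and status == "200" and is_user_listing(target):
            enumerated.add(ip)  # the listing was actually served to this client
        elif method == "POST" and ip in enumerated \
                and urlsplit(target).path.endswith("/wp-login.php"):
            logins[ip] += 1
    return {ip: n for ip, n in logins.items() if n >= min_logins}

if __name__ == "__main__":
    print(find_enum_then_login(SAMPLE_LOG))
```

A client that receives a 401 from the endpoint is not counted, so the same log review also confirms whether the user listing is still being served to unauthenticated requests.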

Using OSINT techniques you can find this bug in mass quantity. Use this Google dork to mass hunt CVE-2017-5487.

inurl:"/wp-json/wp/v2/users/"

If you want to find this specific CVE in the target you are hunting, use this dork:

site:target.com inurl:"/wp-json/wp/v2/users/"

Change target.com to the target you are hunting. For example, if you are hunting on Google, use site:google.com inurl:"/wp-json/wp/v2/users/"

That's it… Happy hunting guysss
