How I Found Live Traffic Exposure on a Public Server: One of my interesting findings


Josekutty Kunnelthazhe Binu

Hello everyone, I am Josekutty Kunnelthazhe Binu, a security researcher and ethical hacker.

I am here to share how I got access to the live traffic view of a web server. The page exposed the number of live requests, the number of live connections, the number of waiting connections, the number of responses for each status code (200, 300, 500, ...) and a lot more.

I was working on a target domain. I started with subdomain enumeration using a few tools and did some fuzzing with common directory brute-forcing tools, but I was not able to find any interesting files.

Then I started checking for subdomains using Shodan and Censys. Shodan and Censys are search engines for internet-connected devices, which means they can be used to find more subdomains during a hunt. Don't underestimate this step: try as many tools as you can and look for new and unique subdomains and IPs that might be vulnerable. I found an IP that was hosting a subdomain of the target and started fuzzing it with dirsearch. I found an interesting 200 OK response.

The URL looked like this: https://www.target-ip-of-subdomain.com/status.php

When I opened it I was surprised: I was taken to a page showing the live traffic of the server. It was an Nginx Vhost Traffic page. Specifically, it was exposing this live data:

- Server version: the current version of the server software on the target.
- Uptime: how long the server has been running without a reboot.
- Connections: the number of live connections to the web server.
- Request and response data: the number of live requests and responses, broken down by status code.
- Traffic data: the amount of data sent and received.

To my surprise everything was live, so I did one more thing to confirm it was showing actual real-time details. I went to my terminal and started another directory brute-force against the same subdomain. When I revisited the vulnerable URL, the request count was increasing in step with the requests sent by the tool, and when I stopped the tool it decreased and returned to its normal level.
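For the defender's side of this finding, here is an added configuration example (not the author's or the target's config). It assumes the exposed page was the HTML display of the nginx-module-vts module, since the post only says "Nginx Vhost Traffic page"; the hostname, port and file paths are placeholders. The "before" section shows a status location left open on the public vhost; the "after" section moves the same page to a loopback-only listener with an address allowlist and basic auth.

```nginx
# Added example, not the author's or target's configuration.
# Assumes nginx-module-vts (vhost_traffic_status_*). Names and paths are placeholders.
# The two sections are alternatives: deploy one or the other, not both.

# --- before: status page exposed on the public vhost ---
http {
    vhost_traffic_status_zone;              # shared zone holding the live counters

    server {
        listen 443 ssl;
        server_name public.example.com;     # placeholder

        # No access control: anyone who guesses the path sees live connections,
        # per-status-code response counts, bytes in/out, uptime and version.
        location /status {
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }
    }
}

# --- after: same page, reachable only from the host itself ---
http {
    vhost_traffic_status_zone;
    server_tokens off;                      # stop advertising the nginx version in headers

    server {
        listen 443 ssl;
        server_name public.example.com;     # placeholder
        # No /status location here: the public vhost serves only the application.
    }

    server {
        listen 127.0.0.1:8081;              # loopback only, e.g. reached over an SSH tunnel

        location /status {
            allow 127.0.0.1;                # address allowlist, checked before auth
            deny all;
            auth_basic "nginx status";
            auth_basic_user_file /etc/nginx/.htpasswd_status;   # placeholder path
            vhost_traffic_status_display;
            vhost_traffic_status_display_format html;
        }
    }
}
```

After reloading, a check like `curl -sk -o /dev/null -w '%{http_code}' https://public.example.com/status` from outside should return 404 rather than 200, while the same path on `127.0.0.1:8081` from the host returns 401 until credentials are supplied. Requests hitting the old public path still show up in the access log, which is a useful signal that someone is probing for it.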

Sorry, I have the live PoC screen recording, but I don't think I can share it publicly. Instead I will show a screenshot with the target details redacted.

Thanks…..

#Vulnerabilities #EthicalHacking #CyberSecurity #BugHunter #NginxVulnerability #ServerSecurity #TrafficExposure #InfoSec #WebSecurity #VulnerabilityDisclosure #HackingTips #LiveTrafficExposure #SecurityFindings #BeginnerBugHunter #PenTesting
