.png)
6 months ago
35 BOOK THIS SPACE FOR AD
ARTICLE AD
Hello Fellows !! Hope this article finds you well !!
Intro: I am p_ra_dee_p whom you all know as Professor0xx01. Today I am going to explain you my story about finding bugs in another govt reserved website. This story gonna be small one but also the usefull one as i am sharing this as bug bounty tips. So, let’s start it.
How I investigated these bugs……………………… >>
Let’s say that the website called as target.com. Whenever I browsed to <target.com> it’s showing that the site is under some maintenance at that moment. I didn’t get any information about that page from Wappalyzer also !!
But I didn’t move on instantly……….!!
Then I start a normal directory enumeration with Dirsearh to detect any endpoints exists there or not and got this 4 endpoints !!
/info.php --> PHPInfo()/manual/index.html
/pi.php --> PHPInfo()
/users.sql --> PII Disclosure
After getting this endpoints i manually browsed them & got these disclosures one by one !!
First : PHPInfo() Disclosure :
/info.php/pi.php
Second: Apache Server Documentation :
/manual/index.htmlThird (Sensitive One) : PII (Personally Identifiable Information) Disclosure
Here I got a copule of users PII data which disclosing “user_name”, “user_district”, “user_office_code”, “user_mobile_number”, “user_password”, “user_email” etc.
/users.sqlAfter Scrolling a bit ……. B00MMM!!! Got this PII Data of Users as well as Administrator…………..!!
Thereafter, I made a report about my findings & mailed it to the NCIIPC Team !!
THANKS FOR READING !!
HOPE YOU ALL ENJOYED IT !! Don’t forget to clap & follow me for more insightful articles !!
See You in the next article …!!!
Happy Hunting ~~
Keep Learning & Keep Securing ~~
Bengali (Bangladesh) · 
English (United States) ·