Hello Amazing People,
Parshwa Bhavsar here.
In this write-up, I am going to share how I got a P2-level bug in 30 seconds, reported it to CERT-EU, and got a Hall of Fame mention from them.
I was searching for some good, large-scope programs that would at least reply, as I was fed up with some programs that didn't even acknowledge the researcher's report :(
At that time, one of my friends called me and said, "I got Hall of Fame from CERT-EU, the response team is nice, and they will reply to you within 4–5 days."
I searched on Google baba and found their bug bounty program.
Here’s the link :- https://cert.europa.eu/cert/newsletter/en/latest_HallOfFame_.html
In scope: *.europa.eu (all sub-domains)
As per my recon methodology, I started Google dorking.
The dork I used: site:europa.eu ext:log
I got some results in Google and opened the first link from the results.
I found Jetty logs that were publicly available without any protection.
For those who don't know about Jetty: Jetty is a Java web server and Java Servlet container. While web servers are usually associated with serving documents to people, Jetty is now often used for machine-to-machine communications, usually within larger software frameworks.
That log file contained some sensitive data about the servlet and real-time IP logs, which was worth reporting.
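A defender-side check for the exposure described above, added here as an example and not part of the original write-up: it walks a directory that a web server publishes and reports every .log file in it, with the number of distinct client IPs it holds and whether servlet details appear. The function names, the sample directory tree and the log lines are constructed for illustration.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

IP_CANDIDATE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SERVLET_HINT = re.compile(r"org\.eclipse\.jetty|servlet", re.IGNORECASE)

# Constructed sample content, not taken from the reported log.
SAMPLE_LOG = (
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /app/status HTTP/1.1" 200 512\n'
    '198.51.100.7 - - [01/Jan/2000:10:00:05 +0000] "GET /app/login HTTP/1.1" 302 0\n'
    '192.0.2.10 - - [01/Jan/2000:10:00:09 +0000] "GET /app/report HTTP/1.1" 500 0\n'
    "WARN:org.eclipse.jetty.servlet.ServletHandler: /app/report\n"
)

def count_client_ips(text):
    """Count distinct, valid IPv4 addresses that appear in the text."""
    found = set()
    for candidate in IP_CANDIDATE.findall(text):
        try:
            found.add(ipaddress.IPv4Address(candidate))
        except ValueError:
            pass  # dotted number that is not an address, e.g. 999.1.1.1
    return len(found)

def audit_docroot(docroot):
    """List .log files under a served directory and what they would expose."""
    root = Path(docroot)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() != ".log":
            continue
        text = path.read_text(errors="replace")
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "client_ips": count_client_ips(text),
            "servlet_details": bool(SERVLET_HINT.search(text)),
        })
    return findings

def build_sample_docroot(base):
    """Create a constructed document root: one page, one stray log."""
    root = Path(base)
    (root / "logs").mkdir()
    (root / "index.html").write_text("<h1>ok</h1>\n")
    (root / "logs" / "jetty.log").write_text(SAMPLE_LOG)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_docroot(build_sample_docroot(tmp)):
            print(finding)
```

Any path it reports is a file the server would hand to anyone who requests it, so the fix is to write logs outside the published directory or deny access to them in the server configuration.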
30th June: Reported
2nd July: They received the report and had some doubts regarding the IP logs
3rd July: Resolved all the queries by providing an attack vector for it
5th July: Got my name in the Hall of Fame
Thank you for your time :)
Stay Safe and Healthy.