BOOK THIS SPACE FOR AD
ARTICLE ADHello My fellow Bugbounty Hunters And Infosec Community.I Am Anurag Kumar An BugBounty Hunter From India.I Hope You All Are good.So This is My Writeup About How i Got My First IDOR bug in Google Which was Leak Company Private Emails and sensitive informations.
What is IDOR
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly
So let’s explain what I did,
So This was started in May 2020.My Another Friend And Bugbounty Hunter Pratik Dabhi got His First Bug in Google And Honorable mentions.Motivating by Him i also Thought To Try in Google.I choosed an Google Aquision is my target.So Suppose that the target is redaced.com.I follow simple methodology that trying with go reconnaissance, gathering as much as sub domains with different tools like assetfinder,findomain,amass and another Resources.After spending 8 hours.I Founded a intresting endpoint in main domain and it was.
https://www.redacted.com/portfolio/{COMPANY ID}
So Basically its a company portfollio where on Individual Companies/Users Are Able to Contect to Company regarding His Projects And queries.After Exploring This portfollio I Notice that When i am trying to send message to company/users through portfollio, intercept the request through burpsuite and i saw that hidden parameter also send through hidden parameter which be like
<input name=”partner” type=”hidden” value=”companyemail” /> <input name=”company” type=”hidden” value=”another company sensitive info” />
And after that its redirect me to my gmail account.So i try to increment or decrement portfolio id parameter And i was able to fetch All INDIVIDUAL/USERS Personal emails And Other information through Bruteforcing {COMPANY} Parameter And After That I was like
I immedietly Reported This Issue To Google
03–05–2020 Reported bug to google
05–05–2020 Bug Accepted By Google And Honorable Mentions
Always Check hidden input parameter in Every Request And Response.Sometimes its gives you a good informations
Thanks For Reading My Writeup
Linkedin profile