How I made United Nations Hall of Fame in 3 minutes


Renganathan

I’m Renganathan. I don’t want to waste your time by introducing myself. If you would like to know me personally, this is my Instagram account.

instagram.com/renganathanofficial/

If you want to see me trying to behave professionally and showing off like an adult, this is my LinkedIn.

linkedin.com/in/renganathanofficial/

And this is my first write-up / blog on Medium.

PS: I don’t know how to use Medium.

I saw there was a vulnerability reporting program at the United Nations (UN), so I decided to give it a try.

So just like any other hacker, I enumerated the subdomains of un.org, but using virustotal.com

Yes, sorry :(

I was not at home; I was in a restaurant. So I used my phone to enumerate subdomains with virustotal.com

I was glancing through the subdomains and one of them was git.unite.un.org. I clicked on that.

The plot twist was there was no authentication.

Then I was able to access a lot of source code, Drupal configurations, their projects (not open source), and even credentials. I reported them immediately to infosec@un.org

Timeline:

Dec 4, 2020 - Reported
Dec 5, 2020 - Case number assigned (auto-generated email)

No update *crying_noise.mp3*

Jan 13, 2021 - The bug was resolved and an authentication page was added. I was asked how my name has to appear on the page if I would like to get credit.

Jan 19, 2021 - Name was updated in the hall of fame

Thanks for reading :)
Stay Safe!
