Hi, how are you? I hope all of you are fine and healthy.
Today I want to publish my bug hunting story about Information Disclosure.
What is Information Disclosure?
Information disclosure is when an application fails to properly protect sensitive and confidential information from parties that are not supposed to have access to it under normal circumstances. These types of issues are not directly exploitable in most cases, but they are still considered web application security issues because they allow malicious hackers to gather relevant information that can be used later in the attack lifecycle, in order to achieve more than they could without access to that information.
At that time I was too bored to do anything, so out of boredom I looked at the program directory on HackerOne, and for some reason I suddenly clicked on one of the programs:
livestream.com
Then I tried registering an account and looking at all the features on the website, hoping to find a bug. After that I did some reconnaissance and found a subdomain:
api.new.livestream.com
During penetration testing, I found the URL livestream.com/my_account, which shows my own account. Then it crossed my mind to look for other user accounts, and I added the path
livestream.com/accounts/1
Then I got the user account with ID 1. After that, full of enthusiasm, I tried to do the same thing with livestream.com's API.
At first I entered the URL
api.new.livestream.com/accounts
but the following message came out:
Then I added a user ID, hoping to get information about that user:
api.new.livestream.com/accounts/1
BOOM! I found an information disclosure bug through the user ID.
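The root cause described above is a missing object-level authorization check: the endpoint looks up whatever account ID is in the URL and returns the record to any caller. The following is an added example (not code from the original post or from Livestream) showing, side by side, the unguarded handler pattern and a hardened one that authenticates the caller and only returns the full record to its owner, plus a small log scanner that flags sessions walking through many distinct account IDs. The account table, session model, log format and function names are all constructed for the example.

```python
"""
Added example: object-level authorization for an /accounts/<id> endpoint,
and a simple detection for sequential-ID enumeration in access logs.
All data, names and the log format below are constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the account table.
ACCOUNTS = {
    1: {"id": 1, "full_name": "Account One", "email": "one@example.test", "phone": "+1-555-0100"},
    2: {"id": 2, "full_name": "Account Two", "email": "two@example.test", "phone": "+1-555-0101"},
}

# Fields that may be shown to anyone other than the owner; the rest are private.
PUBLIC_FIELDS = {"id", "full_name"}


@dataclass
class Session:
    user_id: Optional[int]  # None means the request is unauthenticated


def get_account_unguarded(session, account_id):
    """Vulnerable pattern: the record is selected purely by the ID in the URL,
    so any caller (even unauthenticated) can walk IDs 1, 2, 3, ... and read
    every user's private fields."""
    record = ACCOUNTS.get(account_id)
    if record is None:
        return 404, None
    return 200, dict(record)


def get_account(session, account_id):
    """Hardened pattern: authenticate first, then authorize per object.
    The owner gets the full record; everyone else gets only PUBLIC_FIELDS.
    (If profiles are not meant to be public at all, return 404 for non-owners
    instead, so the endpoint does not confirm which IDs exist.)"""
    if session.user_id is None:
        return 401, None
    record = ACCOUNTS.get(account_id)
    if record is None:
        return 404, None
    if session.user_id == record["id"]:
        return 200, dict(record)
    return 200, {k: v for k, v in record.items() if k in PUBLIC_FIELDS}


# Constructed access-log lines in a simplified format: ip, session, method, path, status.
SAMPLE_LOG = """\
203.0.113.5 sess=abc GET /accounts/1 200
203.0.113.5 sess=abc GET /accounts/2 200
203.0.113.5 sess=abc GET /accounts/3 200
203.0.113.5 sess=abc GET /accounts/4 200
198.51.100.7 sess=def GET /accounts/2 200
198.51.100.7 sess=def GET /my_account 200
"""

LOG_RE = re.compile(r"^(\S+) sess=(\S+) GET /accounts/(\d+) (\d{3})$")


def find_enumerators(log_text, threshold=3):
    """Return the sessions that fetched at least `threshold` distinct account
    IDs. A normal user reads their own account; a session touching many IDs
    in a row is the enumeration pattern the post describes."""
    ids_by_session = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ids_by_session[m.group(2)].add(int(m.group(3)))
    return sorted(s for s, ids in ids_by_session.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print(get_account_unguarded(Session(None), 1))   # private fields leak
    print(get_account(Session(None), 1))             # (401, None)
    print(get_account(Session(2), 1))                # public view only
    print(find_enumerators(SAMPLE_LOG))              # ['abc']
```

The authorization check belongs in the handler for every object-returning route, not only the one that was reported; the detection threshold is a constructed value and should be tuned to the site's real traffic before alerting on it.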
After reporting to HackerOne, I got a notification that my report was a duplicate.
Here's the PoC video:
Timeline:
7 August 2020 - Report to HackerOne
7 August 2020 - Duplicate
Thanks for reading, I hope you enjoy my story. Sorry for my bad English, see you in the next story ☺☺