Hi folks!
I hope you're all safe and well. In today's writeup I explain how I was able to fetch website staff's first names, phone numbers and e-mail addresses through an external live chat service.
I found this vulnerability in a private program on HackerOne, so I'll call the program redacted.com. First, I looked for a live chat service on the main domain but couldn't find anything. Then I registered on the website, and the live chat was there. I sent some messages to the live chat service, but it seemed to be an auto-reply chat service. I lost my momentary joy.
After I finished my research on the main domain, I started to examine the request history in Burp Suite. I saw a request to https://api.redactedchatservice.com/restapi/v1/team/user/members?access-token=jwttokenrequest.
Well, I had probably just found 298 phone numbers of live support agents!
Then I checked a phone number's WhatsApp account to verify whether it was a physical (real) SIM card. Yes! It had a WhatsApp account, so it was a physical phone number. I immediately reported it.
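The root cause here is a classic excessive data exposure: a team-members endpoint serialized whole staff records to any caller holding the widget's access token. The snippet below is an added illustration written for this writeup, not the chat vendor's code or anything from the program; the member records, field names and audience labels are constructed. It puts the "dump everything" handler beside a hardened handler that serializes only an allowlist of fields per audience, and adds a small response-side check that flags e-mail and phone patterns in a body, which is a useful regression test for this class of bug.

```python
"""Excessive data exposure in a live-chat 'team members' endpoint.

Added example, not the chat service's real code. Member data below is
constructed; the field allowlists are assumptions about what a customer-facing
chat widget actually needs versus what a staff admin console may see.
"""
from dataclasses import dataclass, asdict
import json
import re


@dataclass
class Member:
    id: int
    first_name: str
    last_name: str
    email: str
    phone: str
    avatar_url: str


# Constructed sample records; these are not real agents.
MEMBERS = [
    Member(1, "Alice", "Example", "alice@redacted.example", "+10000000001",
           "https://cdn.example/a.png"),
    Member(2, "Bob", "Example", "bob@redacted.example", "+10000000002",
           "https://cdn.example/b.png"),
]

# What an embedded chat widget needs to render "Alice is typing...".
WIDGET_FIELDS = {"id", "first_name", "avatar_url"}
# What an authenticated staff admin console may additionally see.
ADMIN_FIELDS = WIDGET_FIELDS | {"last_name", "email", "phone"}


def members_vulnerable(members=MEMBERS) -> str:
    """Vulnerable handler: serializes full records, so any holder of the
    widget token receives staff e-mail addresses and phone numbers."""
    return json.dumps([asdict(m) for m in members])


def members_hardened(members=MEMBERS, audience: str = "widget") -> str:
    """Hardened handler: emits only the allowlisted fields for the caller's
    audience. Unknown audiences fall back to the most restrictive set."""
    allowed = ADMIN_FIELDS if audience == "admin" else WIDGET_FIELDS
    return json.dumps(
        [{k: v for k, v in asdict(m).items() if k in allowed} for m in members]
    )


# Coarse patterns for a response-side PII check; good enough for a test gate.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\+?\d{10,15}"),
}


def pii_fields_in(body: str) -> set:
    """Returns the set of PII classes (by pattern name) found in a body.
    Run this against responses from unauthenticated or widget-level calls;
    anything non-empty is a finding worth a ticket."""
    return {name for name, rx in PII_PATTERNS.items() if rx.search(body)}


if __name__ == "__main__":
    print("vulnerable leaks:", pii_fields_in(members_vulnerable()))   # {'email', 'phone'}
    print("hardened widget leaks:", pii_fields_in(members_hardened()))  # set()
    print("admin view:", members_hardened(audience="admin"))
```

The allowlist approach (serialize a per-audience view, never the ORM object) is what closes this bug class; the `pii_fields_in` check is the cheap guard to keep it closed when someone later adds a field to the model.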
Report Timeline
Submitted on July 2, 2021
Fixed on July 6, 2021
$$$ bounty awarded on July 20, 2021 as Medium severity.

Thanks for reading my first writeup. Happy to share this find with you all. If you found anything interesting, feel free to share. DM me on Twitter if you have any queries. Stay home and stay safe! ♥