Welcome back again :)
In this write-up, we will discuss how I bypassed the authentication mechanism to access sensitive resources using forced browsing.
The website I was hunting was sportskeeda.com (I asked them for public disclosure).
Let's get started.
So I was looking for some good bugs & started my recon on the Sportskeeda main application, but I didn't find anything interesting, so I thought I'd try the subdomains. I immediately fired up my Kali machine & ran Knockpy to find subdomains.
After running Knockpy, I found some good subdomains, but one looked eye-catching, so I added that subdomain to my list & opened it in the browser with extra excitement.
When the URL loaded, it showed a login panel. I tried some default credentials, but nothing worked. It looked like the web application was saying: hold your horses, Rome was not built in a day, try harder :(
Then I tried all possible combinations & did some Google searches to find exploits, but nothing worked. So I closed the laptop & started thinking about what I could do without credentials. I got the idea to prepare a wordlist based on the domain, but it was again a waste of time.
Then a sudden idea came to my mind, & one idea can change your life :P
So I thought, why not try to access some default/common pages (via forced browsing)? I added /index.php after the URL & immediately landed on the organization's internal config page (without providing any credentials), which had a lot of sensitive things like API keys, development details, etc. Here I stopped my testing & immediately reported this to the company.
The company fixed the issue immediately & rewarded a bounty.
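The write-up does not say how the issue was fixed. As an added example (not from the original write-up and not the company's code), here is a small Python model of this flaw class: a login page that is only the landing page, beside a dispatcher that checks the session centrally before routing. All routes, handlers and the session value are hypothetical and constructed for illustration.

```python
# Added illustration: every route, handler and session value here is hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Request:
    path: str
    session_id: Optional[str] = None

@dataclass
class Response:
    status: int
    body: str = ""
    location: Optional[str] = None

SESSIONS = {"s3ss10n-constructed": "admin"}  # constructed sample session store

def login_page(req):
    return Response(200, "login form")

def config_page(req):
    return Response(200, "internal config (API keys, development details)")

ROUTES = {"/": login_page, "/login": login_page, "/index.php": config_page}
PUBLIC = {"/", "/login"}  # explicit allow-list; everything else needs a session

def vulnerable_dispatch(req):
    # Flaw: the login form is only the landing page. Nothing checks the
    # session before a handler runs, so any known path is served directly.
    handler = ROUTES.get(req.path)
    return handler(req) if handler else Response(404)

def hardened_dispatch(req):
    # Default deny: authentication is checked centrally, before routing,
    # for every path that is not on the public allow-list. Unknown paths
    # also redirect, so responses do not reveal which pages exist.
    if req.path not in PUBLIC and SESSIONS.get(req.session_id) is None:
        return Response(302, location="/login")
    handler = ROUTES.get(req.path)
    return handler(req) if handler else Response(404)

def unauthenticated_exposures(dispatch):
    """Regression check: non-public routes that answer 200 with no session."""
    return sorted(p for p in ROUTES
                  if p not in PUBLIC and dispatch(Request(p)).status == 200)
```

Running a check like `unauthenticated_exposures` against an application's own route table in CI catches a page that was added without being placed behind the guard.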
Linkedin: https://www.linkedin.com/in/lavcyberboy
Twitter: https://twitter.com/warri0r_hacker