Hello everyone, this is my first writeup on Medium. I am a cyber security student. I like to learn new things in the cybersecurity field and want to improve myself every day. I recently participated in bug bounty programs.
I usually forget to look at the scope of the program 😅, because of which all the vulnerabilities I reported to the program were considered not applicable 💔. Recently I enrolled in a program (example.com), and I started my usual path of finding subdomains; if I find an interesting domain, I do directory brute forcing on it. Then I found the example.com/admin directory and saw a login page. I used default credentials to log in, but it was not successful. Then I looked into the source code and did not find anything useful until I noticed a JavaScript file link at the bottom of the source code. It was like example.com/admin/xyz/jQuery.js.
There was no useful information there, but then I tried to move one directory back (example.com/admin/xyz), and it was a 403 page. I moved another directory back (example.com/admin), and I saw the dashboard. I was admin, even without logging in as one. If I directly tried to access example.com/admin, it asked for a password, but if I repeated the previous steps, it worked and I was admin again. I did not know why it was happening, and I reported it to the program. It was my first critical bug, and I was excited. As usual, it was out of scope, and it was tagged as not applicable :-) :-). I decided not to repeat this anymore, and will find more bugs in the future. If you know why the application behaved in this way and why this security flaw happened, or if you want to contact me,
Ping me here http://twitter.com/abhishek3141Pie
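The author asks why the application behaved this way. One mechanism that produces exactly this symptom is an admin route that treats "presents a session cookie" as "is logged in", while the server mints a session cookie on the first request to any URL under /admin/, static asset or 403 page included. Fetching the JS file hands the browser a cookie, and the later request to /admin then passes the check; a direct visit with no cookie still gets the login page. The Python below is an added example written for this edit, not the program's code and not a confirmed cause of the finding: it builds the same toy WSGI app with the vulnerable check and with the fixed check, and a small client walks the writeup's navigation sequence with a cookie jar to show the difference. The paths, the password and the session mechanism are all assumed.

```python
import io
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Constructed stand-ins for the real pages; the password is a demo value.
LOGIN_PAGE = b"<form>password required</form>"
DASHBOARD = b"<h1>admin dashboard</h1>"
JQUERY_JS = b"/* constructed placeholder for /admin/xyz/jQuery.js */"
ADMIN_PASSWORD = "demo-only-password"


def make_admin_app(require_authenticated_flag):
    """Toy WSGI app for the /admin area (assumed layout, not the target's).

    require_authenticated_flag=False reproduces the assumed bug: /admin shows the
    dashboard to any client that presents a known session cookie, and such a
    cookie is minted on the first request to any /admin/... URL.
    require_authenticated_flag=True is the fix: only a session that a successful
    login marked as authenticated gets the dashboard.
    """
    sessions = {}  # session id -> {"authenticated": bool}

    def app(environ, start_response):
        path = environ.get("PATH_INFO", "")
        cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        sid = cookies["sid"].value if "sid" in cookies else None
        presented_session = sid in sessions
        extra_headers = []
        if not presented_session:
            # Bug-enabling behaviour: a session exists after *any* /admin hit,
            # including the static asset and the 403 directory page.
            sid = secrets.token_hex(8)
            sessions[sid] = {"authenticated": False}
            extra_headers.append(("Set-Cookie", f"sid={sid}; Path=/admin; HttpOnly"))
        session = sessions[sid]

        def reply(status, body, ctype="text/html"):
            start_response(status, [("Content-Type", ctype)] + extra_headers)
            return [body]

        if path == "/admin/xyz/jQuery.js":
            return reply("200 OK", JQUERY_JS, "application/javascript")
        if path.rstrip("/") == "/admin/xyz":
            return reply("403 Forbidden", b"Forbidden")  # directory listing denied
        if path == "/admin/login" and environ.get("REQUEST_METHOD") == "POST":
            length = int(environ.get("CONTENT_LENGTH") or 0)
            form = parse_qs(environ["wsgi.input"].read(length).decode())
            if secrets.compare_digest(form.get("password", [""])[0], ADMIN_PASSWORD):
                session["authenticated"] = True
                return reply("200 OK", DASHBOARD)
            return reply("401 Unauthorized", LOGIN_PAGE)
        if path.rstrip("/") == "/admin":
            if require_authenticated_flag:
                logged_in = session["authenticated"]  # fixed check
            else:
                logged_in = presented_session  # bug: cookie presence == login
            return reply("200 OK", DASHBOARD if logged_in else LOGIN_PAGE)
        return reply("404 Not Found", b"Not found")

    return app


def browse(app, path, jar, method="GET", body=b""):
    """Call the WSGI app the way a browser would, persisting cookies in `jar`."""
    environ = {
        "REQUEST_METHOD": method,
        "PATH_INFO": path,
        "CONTENT_LENGTH": str(len(body)),
        "wsgi.input": io.BytesIO(body),
        "HTTP_COOKIE": "; ".join(f"{k}={v}" for k, v in jar.items()),
    }
    result = {}

    def start_response(status, headers):
        result["status"] = status
        for name, value in headers:
            if name.lower() == "set-cookie":
                for key, morsel in SimpleCookie(value).items():
                    jar[key] = morsel.value

    chunks = app(environ, start_response)
    return result["status"], b"".join(chunks)


def reproduce(app):
    """Return (direct, after_detour): what a fresh client sees at /admin when it
    goes there directly, and after the writeup's detour via the JS asset and
    the 403 directory page."""
    def page(body):
        return "dashboard" if body == DASHBOARD else "login"

    _, direct = browse(app, "/admin", {})
    jar = {}
    browse(app, "/admin/xyz/jQuery.js", jar)
    status, _ = browse(app, "/admin/xyz", jar)
    assert status.startswith("403")
    _, after_detour = browse(app, "/admin", jar)
    return page(direct), page(after_detour)


def login_then_dashboard(app, password):
    """True if a real login followed by /admin reaches the dashboard."""
    jar = {}
    browse(app, "/admin/login", jar, "POST", f"password={password}".encode())
    _, body = browse(app, "/admin", jar)
    return body == DASHBOARD
```

`reproduce(make_admin_app(False))` returns `('login', 'dashboard')`, which is the writeup's observation; `reproduce(make_admin_app(True))` returns `('login', 'login')`, and `login_then_dashboard(make_admin_app(True), ADMIN_PASSWORD)` still succeeds, so the fix keeps the legitimate path working. To test a real target the same way, repeat the sequence with a fresh cookie jar (for example `curl -c jar -b jar`) and compare the /admin response with a direct request; a dashboard that appears only after the detour is the finding, and the fix is to gate the route on an authenticated flag set by login, never on whether a cookie happens to be present.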