My Journey Finding Bugs on NASA


Shridhar Rajaput

Cyber Security Write-ups

Hello researchers, my name is Shridhar Rajaput, a security researcher on Bugcrowd. Over time, I’ve hunted down and reported a bunch of vulnerabilities, but one of my most interesting finds happened using a Google dork when I decided to take a swing at finding bugs at NASA. Let me tell you how it all started.

Google Dorking is essentially a search filter: the dork you provide narrows the results to only what you need. For example, if you only need PDF files from a particular domain, a dork will return only the PDF files from that site, without a lot of unrelated data. The same technique is also used to find sensitive information on a particular website, such as confidential files or documents. Hackers often use Google Dorking to locate exposed or vulnerable files that should not be publicly accessible.

So, let’s begin.

It all began when I saw a post on Instagram about a “Letter of Recognition” from NASA. It caught my eye, and I thought to myself, What is this about? How can I get one? After some digging, I found out that people were getting these letters by finding bugs on NASA’s platforms through Bugcrowd. This really sparked my interest, and I decided to give it a go.

Now, I knew the first step was to gather some information. So, I started with OSINT (Open Source Intelligence), looking for subdomains, main domains, and using tools like WaybackURLs. But after all that work, I didn’t find anything useful.

Then, one day, I stumbled upon an interesting article on Medium about Google Dorks. I’d heard of it before but never really looked into it. The article sparked something in me, and I thought, “Why not give it a try?” So, I began searching using Google Dorks.

Usually, when I start my search with Google Dorks, I begin with some advanced queries. These are things like:

site:target.com filetype:pdf "sensitive keywords"
inurl:admin filetype:sql
intitle:"index of" "backup"
filetype:doc confidential

These queries help me find specific file types or pages that might contain sensitive information. They allow me to dig deeper into a website and uncover things that might have been missed during the initial search.
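From the site owner's side, the same operators can be run over an inventory of your own published files to see what such queries would surface before a search engine indexes it. The sketch below is an added example, not code from the original write-up; the inventory, the example.org hosts and the function names are constructed, and the matching only approximates real search-engine semantics.

```python
import shlex
from urllib.parse import urlparse

# Constructed inventory of a site's own published documents (illustration only).
INVENTORY = [
    {"url": "https://www.example.org/docs/annual-report.pdf",
     "title": "Annual Report", "text": "Public annual report for stakeholders."},
    {"url": "https://www.example.org/qa/audit-2021.pdf",
     "title": "Internal Quality Auditing", "text": "Internal use only. Audit findings."},
    {"url": "https://files.example.org/backup/",
     "title": "Index of /backup", "text": "Parent Directory db.sql site.tar.gz backup"},
    {"url": "https://www.example.org/admin/export.sql",
     "title": "", "text": "CREATE TABLE users"},
]

def parse_query(query):
    """Split a dork-style query into (operator, value) pairs; bare terms become 'text'."""
    terms = []
    for token in shlex.split(query):  # shlex keeps "quoted phrases" together
        op, sep, value = token.partition(":")
        if sep and op in ("site", "filetype", "inurl", "intitle"):
            terms.append((op, value.lower()))
        else:
            terms.append(("text", token.lower()))
    return terms

def matches(doc, terms):
    """True when the document satisfies every term of the query (implicit AND)."""
    parsed = urlparse(doc["url"])
    host, path = parsed.hostname or "", parsed.path.lower()
    body = (doc["title"] + " " + doc["text"]).lower()
    checks = {
        "site": lambda v: host == v or host.endswith("." + v),
        "filetype": lambda v: path.endswith("." + v),
        "inurl": lambda v: v in doc["url"].lower(),
        "intitle": lambda v: v in doc["title"].lower(),
        "text": lambda v: v in body,
    }
    return all(checks[op](value) for op, value in terms)

def exposed(query, inventory=INVENTORY):
    """Return the URLs in the inventory that the query would surface."""
    terms = parse_query(query)
    return [doc["url"] for doc in inventory if matches(doc, terms)]
```

Any URL returned for a query built around words like "internal" or "confidential" is a candidate for access control or removal from the public web root.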

At first, I found a bunch of files, but nothing really stood out. I kept searching, but nothing interesting popped up. After a while, I came across a file marked “Confidential.” I thought, “This could be it!” but when I reported it, I was told it was a duplicate. So, I decided to take a break and went out for a coffee.

A few hours later, I came back and decided to give it one more shot. This time, I thought about modifying my search with some different keywords. I typed in site:target.com filetype:pdf "internal". And then, I found it—a file called "Internal Quality Auditing."

It immediately caught my attention. I thought, “This could be sensitive. It’s an audit report, and it’s internal. Definitely something that shouldn’t be out in the open.” I decided to create a bug report and submitted it to Bugcrowd.

Within 15 hours, I got a message back from Bugcrowd.

I replied, explaining my findings.

Two days later, the bug was triaged, and the vulnerability was accepted.

About a month later, I got the notification that the bug was resolved.

It was a pretty thrilling experience, and it all started from that simple curiosity about NASA and that Instagram post. It just goes to show how sometimes, a simple idea or a random thought can lead to discovering something significant.

Thanks for reading, and I hope you found my write-up informative.

Happy hunting, and remember to test responsibly!
