PII Exposure: The Data Heist You Never Knew Was Possible!

Hey there, fellow security enthusiasts! Today, we’re going to talk about something that might blow your mind. How an SMTP conversation can accidentally lead to exposing PII. Yeah, that’s right! Many organizations rely on SMTP (Simple Mail Transfer Protocol) for their email communications, but sometimes they don’t realize how easily sensitive data can leak through these conversations, especially when it’s misconfigured.

I was hunting on a private program. I have done basic recon. And started checking one by one in scope domains and subdomains. There was signup functionality on the subdomain. I filled in mandatory details and tested signup functionalities. I was going through burp history. Then I found there was SMTP conversation in response when registration was successful. At the bottom of SMTP conversation there was a link of API, which sends an email and text message to the user after successful registration. They are using third-party API for sending emails and text messages on the contact number. That third-party API was using GET method.

That SMTP response revealed a third-party API key, which was revealing API key, username, message, sender’s name, and template ID. I simply copied that link and pasted it in the browser and — boom! You’ve got yourself a security risk. I received the same message a second time. I tried 4 times, and I received 4 text messages [financial loss]. I played with that API a few times. I was able to OTP or text, whatever I wanted to send, on any random number.

Then I went to that third-party website and sign up for an account. And read documentation. I found the wallet and report API. When I hit the report API, I was able to see usernames, passwords [generated password], full names, and contact numbers. I tried to log in with those creds, and I was able to log in successfully.

That’s all fellas, Stay safe and keep hacking (ethically, of course 😉)!!!

Instagram: th3.d1p4k

Twitter: Dipak Panchal

LinkedIn: Dipak Panchal