Real Bug Bounty & Penetration Testing on Live Websites: Step-by-Step Guide (Part 2)


Shaikh Minhaz

Well, well! After the boom-bastic article on the Identification step in our bug bounty and penetration testing series on real government websites, we’re back with the next phase of our methodology: Misconfiguration.

If you’re thinking, “What the hell am I talking about?” you need to check out the previous two articles: [link1], [link2], where we discussed — no, no, we didn’t just discuss, we learned how to identify everything on the website, step by step. Another important thing: many readers are unable to access the articles due to Medium membership restrictions. For them, please join my Discord server: [https://discord.gg/DYwQwqCw].

To give you a quick recap of what we have done so far: we’re conducting a bug bounty on a real-life government website that has a responsible disclosure program. In the Identification step, we already found one vulnerability. Now, in this article, the Misconfiguration phase, we’ve found two more vulnerabilities — without even reaching the Exploitation phase yet! That’s three vulnerabilities so far, and let me tell you, that’s awesome, at least for me.

So, let’s continue from where we left off in the previous article. Let’s start hunting again!
