BOOK THIS SPACE FOR AD
ARTICLE ADJust now
--
Website Testing
Server Security Misconfiguration > OAuth Misconfiguration > Open Directory
P4
Step 1 : Check For Subdomain That Containe : api or metrics or metrics.api or payment.api or etc ….
Step 2 : Do some dirbusting using this list of directory
/metrics/Metrics
/permission/metrics
/auditing/metrics
/missions/metrics
:) Bingo i Found →/metrics :
Step 3 : You will see a page full with data , private memory bytes and other sensitive information