I had just finished my exams and thought of going bug hunting. I did not want it to be a hardcore hunt in which I would put in hours of effort, and meanwhile I came across the well-known United Nations hall of fame.
I thought why not give it a try!
I quickly checked for the scope and picked up the target.
Started my initial recon on the site.
Found subdomains and filtered the live ones.
I picked up a random subdomain and started digging deeper.
I found an interesting endpoint in the JS file which had directory listing enabled in there.
I checked the folder for sensitive info… No luck.
I tried to jump back a directory but was unable to.
I tried path traversal in the URL using ../../
And boom! There were JS files and HTML files.
The interesting part is that there was a SQL file 1 GB in size.
1 GB! That’s a whole lot of stuff for an SQL file…
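From the defender's side, the sequence above (a path discovered in a JS file, a traversal via ../../ that lands in a listable directory, then a very large .sql download) leaves a recognisable trail in web server access logs. The following is an added example, not code from the original post, that flags such requests in combined-format log lines; the log lines, the dump extensions and the 50 MB size threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jun/2021:10:01:02 +0000] "GET /static/app.js HTTP/1.1" 200 5120
203.0.113.5 - - [15/Jun/2021:10:01:05 +0000] "GET /static/uploads/ HTTP/1.1" 200 2210
203.0.113.5 - - [15/Jun/2021:10:01:09 +0000] "GET /static/uploads/../../ HTTP/1.1" 200 8800
203.0.113.5 - - [15/Jun/2021:10:01:12 +0000] "GET /static/%2e%2e/%2e%2e/backup.sql HTTP/1.1" 200 1073741824
198.51.100.9 - - [15/Jun/2021:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1400
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)
DUMP_EXT = (".sql", ".sql.gz", ".bak", ".zip", ".tar.gz")  # assumed list of dump/backup extensions
MAX_NORMAL_BYTES = 50 * 1024 * 1024  # assumed: nothing legitimate on the site is this large

def findings_for(line):
    """Return the list of flags raised by one log line (empty if clean or unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    # Decode twice so %2e%2e and double-encoded %252e%252e both become ".."
    path = unquote(unquote(m["path"]))
    status = int(m["status"])
    size = 0 if m["size"] == "-" else int(m["size"])
    flags = []
    if "../" in path or "..\\" in path:
        flags.append("traversal")
    # Noisy on its own (a trailing-slash 200 may be an index page); correlate with traversal
    if path.endswith("/") and status == 200:
        flags.append("dir_listing_candidate")
    if path.lower().endswith(DUMP_EXT) and status == 200:
        flags.append("dump_download")
    if size > MAX_NORMAL_BYTES and status == 200:
        flags.append("oversized_response")
    return flags

def scan(log_text):
    """Map 1-based line number -> flags for every line that raised at least one flag."""
    out = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        f = findings_for(line)
        if f:
            out[n] = f
    return out

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG).items():
        print(n, f)
```

Successful (200) traversal hits followed by a dump download are the combination worth alerting on; a lone trailing-slash 200 is usually just an index page.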
I immediately reported the same to the infosec team.
I received the reply the very next day and I got inducted into the UN Hall of Fame within a few days!
Well, I can brag as of now that I top the UN Hall of Fame as of 02/07/2021
:P :P
Timeline:
15/06/2021: Bug Reported
16/06/2021: Acknowledged and bug accepted
23/06/2021: Listed in the UN Hall of Fame
Tip: Never forget to check for JS files.
LinkedIn: Bhavak Kotak
Instagram: bhavak_29
Twitter: BhavakKotak
Note:
All the images belong to their respective owners.
Your valuable comments and suggestions are always welcome…