Commit

Update 2024-01-28-Exploiting-Unprotected-Functionality.md
samidunimsara authored Sep 22, 2024
1 parent 08fcb24 commit 12a8a3f
Showing 1 changed file with 16 additions and 9 deletions.
25 changes: 16 additions & 9 deletions _posts/2024-01-28-Exploiting-Unprotected-Functionality.md
@@ -1,16 +1,25 @@

---
title: Exploiting Unprotected Functionality to Access User Profiles
date: 2024-09-22
categories: [Hacking, Security]
description: bugbounty,hacking
author: samidunimsara
date: 2024-01-28 11:33:00 +0800
categories: [hackingweb, web]
tags: [hacking,bugbounty]

---

My first step when finding a target to hack is to search for old websites using Google. You can use Google queries to find old web applications. For example, you might try using a query like the one shown in the screenshot:
* My first step when finding a target to hack is to search for old websites using Google. You can use Google queries to find old web applications. For example, you might try using a query like the one shown in the screenshot:

These techniques can increase your chances of finding old applications that may have vulnerabilities.

Using this method, I found an application that was indexed by Google in 2019.

![d](/assets/1.png)
![d](/assets/2.png)



* These techniques can increase your chances of finding old applications that may have vulnerabilities.

Using this method, I found an application that was indexed by Google in 2019.
After specifying the application with the query `site:target.com`, I discovered more URLs related to the website. One URL caught my attention:

`target.com/profile_center.aspx?qs=s4srd4sfd4tsfd5sg5sd5sd5sd5sd5x6f6s55f7s58s5`
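Review bot: both image lines use the placeholder alt text `d` (`![d](/assets/1.png)` and `![d](/assets/2.png)`), while the sentence before them relies on "the one shown in the screenshot", so a reader without images gets nothing; give each image a descriptive alt text. The `* ` bullet prefix is applied only to the "My first step" and "These techniques" paragraphs, leaving the rest of the narrative as plain paragraphs, so pick one style. Please also confirm that the `qs` value in the example URL at the end of this hunk is a made-up placeholder and not a token taken from the reported application.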
@@ -33,7 +42,5 @@ I retrieved six unique values for the `qs` parameter, giving me access to six di

This is a case of unprotected functionality, where the app lacks proper access controls. As a result, an attacker could directly access user profile management features simply by navigating to the right URL.

I reported it, and the triage team classified it as Medium because the query string value is unpredictable, and they rewarded me with a $500 bounty.
I reported it, and the triage classified it as Medium because the query string value is unpredictable, and they rewarded me with a $500 bounty.
```
Feel free to adjust any metadata or categories as needed!

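Review bot: of the two versions of the bounty sentence, "the triage team classified it as Medium" is the grammatical one; "the triage classified it" leaves the following "they rewarded me" without a clear subject, so keep "triage team". The lone ``` line and "Feel free to adjust any metadata or categories as needed!" at the end of the hunk are not part of the write-up and should not remain in the published post.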