System Weakness

System Weakness is a publication that specialises in publishing upcoming writers in the cybersecurity and ethical hacking space. Our security experts write to make the cyber universe more secure, one vulnerability at a time.

How I was able to find information disclosed by reading my old report and understanding the website

Reek Elderblod
Published in System Weakness
2 min read · Aug 31, 2023

Introduction

Hello, everyone. In this blog I am going to share my recent finding: I was able to access all the sensitive information about the IDs of certain groups used by the company.

Vulnerability

This bug is related to my first finding on this target, which you can read by clicking on this LINK. The story goes like this: after I reported that bug and it was resolved, one of the many things that had been exposed was the ID of a group in the company. At that time I did not pay much attention to it, but after 5 days of penetration testing on that domain I gained some intel: that ID is the very thing I was being asked to supply in a certain parameter. By using the ID of a certain group, I was able to gain access to certain functions of the website.

After I confirmed that, I was certain that when every group ID is exposed, it is sensitive information. I then checked my entire Burp Suite history and found a URL that was giving me the IDs of a lot of groups. After I reported it, the company accepted it as information disclosure.

Conclusion

By analysing my old report and trying to understand what is important to comply with and what is not, even if it takes me a week to understand what the domain is meant for and what it is doing, I was able to find a lot of bugs through that understanding.

You can follow my journey and connect with me on social media:

Thank you for reading, and I look forward to sharing more of my journey with you all.


Written by Reek Elderblod

Penetration Tester and Bug Bounty Hunter passionate about cybersecurity. Skilled in C and C++; my goal is to earn the OSEE by the end of 2028.
