Member-only story
I was able to see all user information by manipulating parameters on the website.
Intorduction
Hello, everyone! Today, I’d like to share my recent experience with a bug bounty program it is a story about a bug whereby manipulating parameters I was able to see all user-related information by changing some parameters in a request I was able to see there user name, id,id_org, name, address, and other some real important information.
What is manipulating parameters
Manipulating the data sent between the browser and the web application to an attacker’s advantage has long been a simple but effective way to make applications do things in a way the user often shouldn’t be able to.
Discovery and Reconnaissance:
For this blog let’s say the website name is anything.com and as all bug bounty hunters we all do basic tasks such as finding subdomains, brute forcing subdomains, and taking screenshots of every domain after finishing my recon which takes 3 days when I check all screens short to check if something is interesting there was the domain which catches my interest I was able to get direct access to admin dashboard
Analysis of website
but after I visited that URL I was sent to login panel after doing a lot of paying around I was not able to get access to the dashboard but there is the catch when I tried to access the dashboard by using https://anything.com it first redirected me to https://anything.com/dashboard and after just a few second it redirects me again to https://anything.com/login after paying around of for a long time. I got a trick to how to get access to the dashboard which took me almost 1-day The trick was that the first try URL https://anything.com intercepted that request and forwarded it in burp suite and when the next request came from https://anything.com/dashboard also forwarded it but when the third request come from https://anything.com/login do nothing go and see URL and I was able to access admin dashboard but unfortunately I was not able to make any request of a lot of things it always gives me an unauthenticated message but I was only able to get parameter of search and other important function which was I able to access it
Real bug
