How I Found My First Bug in My Bug Bounty Journey
Hello Everyone! Today I am going to share my experience of the first bug that I found.
This bug is an API endpoint security flaw that led to unauthorized access.
1. Discovery
First, I saw a section on the website that displays the number of registered students, jobs, and employers. To understand where these numbers come from, I inspected the page source and found the following AJAX queries:
2. Testing the Accessibility of API Links
I checked whether I have access to the API links I found.
https://....................../api → 404
https://....................../api/Admin → 404
https://....................../api/Admin/Students → 404
https://....................../api/Admin/Jobs → 404
https://....................../api/Admin/Employers → 404
As a result of these tests, I observed that these URLs return a 404 error.
3. Discovering Other Functions and Table Names in Endpoints
I tried various requests to see whether the endpoints I found exposed other functions or table names. I tried many method names on the following endpoints without finding anything; finally I tried the “GetAll” method:
https://....................../api/Admin/Jobs/GetAll
https://....................../api/Admin/Employers/GetAll
When I tried the “GetAll” method on these two endpoints, I got a 401 Unauthorized error, indicating that these methods are available but I am not authorized to access them.
4. Successful Access to Student Table
When I continued my tests on the third endpoint, the “GetAll” method did not return a 401 error; instead, the endpoint returned every field of the Students table.
https://....................../api/Admin/Students/GetAll
Even though I found this bug relatively easily, it was a critical bug with a high severity level: the Students endpoint was missing the authorization check that the Jobs and Employers endpoints enforced, so the whole table was readable without any authorization. Software developers need to be more careful and test more rigorously in these situations.
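The root cause, modelled in Python as an added example that is not the site's code: a per-handler authorization guard that one handler forgot, beside a router-level rule for the /api/Admin/ prefix and an audit function that catches the gap. All route names, the user object and the student record are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

ADMIN_PREFIX = "/api/Admin/"
# Constructed sample record standing in for the real Students table.
STUDENTS = [{"id": 1, "name": "Sample Student", "email": "sample@example.invalid"}]


@dataclass
class Route:
    path: str
    handler: Callable[[], object]
    requires_admin: bool  # per-handler guard, like a forgotten [Authorize] attribute


class Router:
    def __init__(self, enforce_admin_prefix: bool = False):
        self.routes: dict = {}
        # Hardened mode: everything under /api/Admin/ needs the admin role,
        # whether or not the handler remembered to ask for it.
        self.enforce_admin_prefix = enforce_admin_prefix

    def add(self, path, handler, requires_admin=False):
        self.routes[path] = Route(path, handler, requires_admin)

    def _needs_admin(self, route: Route) -> bool:
        return route.requires_admin or (
            self.enforce_admin_prefix and route.path.startswith(ADMIN_PREFIX))

    def dispatch(self, path: str, user: Optional[dict] = None):
        """Return (status, body) for a request; user=None means anonymous."""
        route = self.routes.get(path)
        if route is None:
            return 404, None  # unregistered paths such as /api/Admin
        if self._needs_admin(route) and not (user and user.get("role") == "admin"):
            return 401, None
        return 200, route.handler()

    def unguarded_admin_routes(self) -> list:
        """Audit check a CI test can run: admin paths with no effective guard."""
        return sorted(r.path for r in self.routes.values()
                      if r.path.startswith(ADMIN_PREFIX) and not self._needs_admin(r))


def build_site(enforce_admin_prefix: bool = False) -> Router:
    # The three endpoints the write-up probed; only Students lacks the per-handler guard.
    r = Router(enforce_admin_prefix)
    r.add("/api/Admin/Jobs/GetAll", lambda: [], requires_admin=True)
    r.add("/api/Admin/Employers/GetAll", lambda: [], requires_admin=True)
    r.add("/api/Admin/Students/GetAll", lambda: STUDENTS)  # guard forgotten: the bug
    return r
```

With `enforce_admin_prefix=False` the router reproduces the 404/401/200 pattern from the write-up; with it enabled, the forgotten guard no longer matters and the audit list is empty.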
Contact me at my LinkedIn address.