How I hacked the help desk of a company

Hi leets! This is Ali, and I am here with another interesting write-up for the infosec community.

Sometimes developers' mistakes harm companies. I was testing a site that was given to me by a researcher. He told me the site pays $500 per vulnerability and that he had earned $5000 :D

So I thought I would give it a try. While searching for interesting endpoints in Burp's HTTP history, I saw company.zendesk.com, opened it and pressed the sign-in button.

The target company uses SSO to log in to the support portal, so I was logged in to my support account, where I could see my tickets and the tickets I am CC'd on.

In the meanwhile I thought about Inti De Ceukelaire's write-up. So I tried to sign up on the company's sign-up page with support@company.com, but it was already taken.

Then I tried other emails like help@company.com and affiliates@company.com.

Both were available, and I could see the support tickets on which these emails are CC'd.

So in this way I could take over their help desk, because there is no email verification on sign-up.
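The missing control, as an added example that is not the author's or Zendesk's code: a self-service sign-up that refuses addresses on the help-desk operator's own domain and only matches an address against ticket CC lists once its owner has proved control of it via a signed, expiring token. The domain, the sample tickets and the function names are assumptions for illustration.

```python
import hmac, hashlib, secrets, time
from typing import Optional

# Added example (not the author's or Zendesk's code): a sign-up flow that
# refuses to bind an address to an account, and to match it against ticket
# CC lists, until the address owner proves control of it.
SECRET = secrets.token_bytes(32)      # server-side key for verification tokens
COMPANY_DOMAIN = "company.com"        # assumed: the help-desk operator's domain
ACCOUNTS = {}                         # email -> verified? (bool)
# Constructed sample tickets: ticket id -> addresses CC'd on it.
TICKETS = {101: {"help@company.com", "customer@example.org"},
           102: {"affiliates@company.com", "customer@example.org"}}

def _token(email: str, ts: int) -> str:
    msg = f"{email}|{ts}".encode()
    return f"{ts}:" + hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def sign_up(email: str, now: Optional[int] = None) -> Optional[str]:
    """Register an UNVERIFIED account and return the proof-of-control token
    that would be e-mailed to the address. None means sign-up was refused."""
    email = email.strip().lower()
    # Role addresses on the operator's own domain are never self-claimable:
    # the portal already treats them as ticket participants.
    if email.endswith("@" + COMPANY_DOMAIN) or email in ACCOUNTS:
        return None
    ACCOUNTS[email] = False
    return _token(email, now if now is not None else int(time.time()))

def verify(email: str, token: str, now: Optional[int] = None, ttl: int = 3600) -> bool:
    """Mark the account verified only for a fresh, correctly signed token."""
    email = email.strip().lower()
    if email not in ACCOUNTS:
        return False
    try:
        ts = int(token.split(":", 1)[0])
    except ValueError:
        return False
    now = now if now is not None else int(time.time())
    if now - ts > ttl or not hmac.compare_digest(token, _token(email, ts)):
        return False
    ACCOUNTS[email] = True
    return True

def visible_tickets(email: str) -> set:
    """CC matching honours only addresses whose ownership has been proven."""
    email = email.strip().lower()
    if not ACCOUNTS.get(email, False):
        return set()
    return {tid for tid, ccs in TICKETS.items() if email in ccs}
```

With this in place, claiming help@company.com is refused outright, and even a permitted address sees no CC'd tickets until the mailed token is redeemed.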

I hope you get it. Thanks for reading.