How i hacked help desk of a Company
Hi leets! this is ali, i am here with an other interesting writeup for info sec community.
Sometimes developers mistakes harm companies. I was testing a site which give me by a researcher. He tell me site is giving $500 per vulnerability and he earned $5000 :D
So i think to give it a try. Upon searching some interesting endpoints in HTTP history of burp, i saw company.zendesk.com, i opened it and press the sign in button.
Target company uses SSO for login to support portal. So i am logged in to my support account where i can see my tickets and tickets where i am CC in.
In the meanwhile i thought about Inti De Ceukelaire writeup. Then i just sign up on company sign up page with firstname.lastname@example.org but it already taken.
Then i try other emails like email@example.com and firstname.lastname@example.org.
Both are available and i can see support tickets where these emails are CC in.
So in this way i can takeover there help desk because there is no email verification on sign up.
I hope you get it. Thanks for reading.