400$ Bounty again using Google Dorks
Hai, Hello, Vanakam to all the Hackers
Hey hunters! This writeup is my second writeup. I'll share with you how I got a 400$ bounty again using Google Dorks. If you didn't read my first writeup, please look here, and here we go, let's get started. Kindly excuse my typos & brevity.
I hope everyone knows how to use Google Dorks. You guys know that Google dorking plays a main role in hacking. I was searching for a private program, and let's call it example.com (I am not supposed to reveal the program name).
I chose a target and started subdomain enumeration with httpx.
After I was done with my subdomain enumeration, I found that one of the subdomains is managed with WordPress.
My mind said: try to bypass the WordPress login. Let's turn on Hacker mode.
I had already read some blogs that were in my mind, so I used that here. I used example.com/wp-content/uploads/2021/ and hit enter. Boooooooooooooom!!!
Yes! It's 403 Forbidden, but I didn't lose hope on that; in my mind this was running:
Why should I jump and search more detail about WordPress after recon about WordPress and example.com?
I searched for wp-db, so here I used example.com/wp-inc/ and hit enter. BOOOOOOOOOOOOM!!!!
Here you can see the wp-db.php file and the latest updated files.
I was like
I quickly made a report of it and submitted it, then within a few days got my bounty.
Thank you for reading my writeup. Kindly do follow up for more updates.