400$ Bounty again using Google Dorks

Hai, Hello, Vanakam to all the Hackers

Hey hunters! This writeup is my second writeup. I'll share with you how I got a 400$ bounty again using Google Dorks. If you didn't read my first writeup, please look here, and here we go, let's get started. Kindly excuse my typos & brevity.

I hope everyone knows how to use Google Dorks. You guys know that Google dorking plays a main role in hacking. I was searching for a private program, and let's call it example.com (I am not supposed to reveal the program name).

Let's Start

I chose a target and started subdomain enumeration with httpx.

After I was done with my subdomain enumeration, I found that one of the subdomains is managed with WordPress.

ok

My mind says try to bypass the WordPress login. Let's turn on Hacker mode.

I had already read some blogs that were in my mind, so I used them here. I used example.com/wp-content/uploads/2021/ and hit enter. Boooooooooooooom!!!

Yes! It's 403 Forbidden, but I didn't lose hope on that. In my mind this was running:

Why should I jump and search for more detail about WordPress after recon about WordPress and example.com?

I searched for wp-db, so here I used example.com/wp-inc/ and hit enter. BOOOOOOOOOOOOM!!!!

Here you can see the wp-db.php file and the latest updated files here.

I was like

I quickly made a report of it and submitted it, then within a few days got my bounty.
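A defender-side check for the exposure described above, as an added example that is not part of the original writeup: it classifies responses from a site you own as server-generated directory listings and reports which PHP files they reveal. The response bodies are constructed samples modeled on a typical web-server auto-index page, and `ListingParser`, `audit_listing` and `audit_all` are hypothetical helper names.

```python
from html.parser import HTMLParser

class ListingParser(HTMLParser):
    """Collects the <title> text and every <a href> target of a page."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        self._in_title = tag == "title"
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)
    def handle_endtag(self, tag):
        self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_listing(path, status, body):
    """Return a finding dict if the response is an auto-generated index, else None."""
    if status != 200:
        return None  # e.g. the 403 on the uploads path: listing is blocked
    p = ListingParser()
    p.feed(body)
    p.close()
    if not p.title.strip().lower().startswith("index of /"):
        return None  # ordinary page, not a server-generated listing
    # Drop column-sort links (?C=N;O=D), parent-directory and absolute links.
    entries = [h for h in p.links if not h.startswith(("?", "/", ".."))]
    return {"path": path, "entries": entries,
            "php_sources": [e for e in entries if e.endswith(".php")]}

# Constructed sample responses (status, body) for the two paths in the writeup.
SAMPLES = {
    "/wp-content/uploads/2021/": (403, "<html><title>403 Forbidden</title></html>"),
    "/wp-inc/": (200, '<html><head><title>Index of /wp-inc</title></head><body>'
                      '<h1>Index of /wp-inc</h1><a href="?C=N;O=D">Name</a>'
                      '<a href="/">Parent Directory</a>'
                      '<a href="wp-db.php">wp-db.php</a>'
                      '<a href="readme.txt">readme.txt</a></body></html>'),
}

def audit_all(samples):
    """Run audit_listing over every sampled path and keep only the findings."""
    findings = (audit_listing(p, s, b) for p, (s, b) in samples.items())
    return [f for f in findings if f]

if __name__ == "__main__":
    for f in audit_all(SAMPLES):
        print(f"{f['path']}: listing exposed, PHP files visible: {f['php_sources']}")
```

The server-side fix for a finding from this check is to turn off automatic directory indexes, for example `Options -Indexes` on Apache or `autoindex off` on nginx.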

Thank you for reading my writeup. Kindly do follow up for more updates.
