How I got access to critical data of a Company in no time?

Hi All,

I have been receiving bounties for quite a period of time now, but I hadn't described them in write-ups. However, one of the bugs I found prompted me to describe it in a write-up so as to spread awareness among companies of how data can be so critical and yet so risky if it falls into the wrong hands.

Coming straight to the point, I have been following this company’s Private program for quite a while and I report bugs to them frequently. One of their primary domains is a gateway to connect to corporate meetings by entering unique Meeting IDs, which allow users to connect using the Company’s software or through a web console. You cannot connect to a meeting unless you have an invite or a valid Meeting ID.

Console to connect a meeting

As the console was accepting a unique number of digits to connect to a meeting, the first thing that struck my mind was to check rate limiting and to find out the range of numbers to save time. Instantly, I fired up Google to dork on the meeting IDs for that company and guess what! I was able to get some IDs through FAQ documents published on the company’s subdomain. I randomly entered some of the IDs mentioned in those documents to check the response. This confirmed that the ID I entered was once a valid Meeting ID.

Response after entering Meeting ID

After watching the response, I thought of assuming a range of numbers to check if I could get some valid Meeting IDs. I captured the request in Burp and attacked through Intruder with the Numbers payload. Below is the response I got after the attack was executed. As the length of the responses changed for some IDs, I was sure there might be a possibility of those being valid meeting IDs.

Response after carrying out attack

All the IDs I had got were accepted as valid Meeting IDs and I was able to bypass the console to connect to multiple meetings at various locations. This was a very critical flaw and could be misused by anyone with wrong intentions, which could hamper an organization’s reputation.

Console after getting access to a Meeting

I had reported this bug to the Company’s Bounty Program, where it was found to be a duplicate submission. However, this kind of vulnerability should be taken seriously, as it may involve critical client data and user data which can be misused in various ways to harm the organization’s reputation.
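For teams running a similar join-by-ID console, the following is an added example (not part of the original write-up or the company's code) of detection logic that flags a client trying many distinct meeting IDs in a short window, the pattern a numeric range scan produces. The log format, IP addresses, meeting IDs, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed sliding window
MAX_DISTINCT_IDS = 5             # assumed: distinct meeting IDs one client may try per window


def build_sample_log():
    """Constructed log lines: '<ISO time> <client IP> <meeting ID> <valid|invalid>'."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    # Ordinary user: mistypes an ID once, then joins (2 distinct IDs).
    attempts = [("4820113", "invalid"), ("4820131", "valid"), ("4820131", "valid")]
    for i, (mid, res) in enumerate(attempts):
        lines.append(f"{(t0 + timedelta(seconds=20 * i)).isoformat()} 198.51.100.20 {mid} {res}")
    # Enumerating client: walks a numeric range, one request per second.
    for i in range(20):
        res = "valid" if i in (7, 15) else "invalid"
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 203.0.113.7 {4820000 + i} {res}")
    return sorted(lines)  # ISO timestamps sort chronologically


def detect_enumeration(lines, window=WINDOW, max_ids=MAX_DISTINCT_IDS):
    """Flag clients that try more than max_ids distinct meeting IDs within the window.

    Returns {ip: {"first_alert": datetime, "valid_ids": [...]}}; valid_ids lists every
    meeting ID the flagged client confirmed as valid, i.e. the meetings to review.
    Assumes the input lines are in time order.
    """
    recent = defaultdict(deque)      # ip -> (timestamp, meeting_id) pairs inside the window
    valid_hits = defaultdict(list)   # ip -> valid meeting IDs seen so far
    alerts = {}
    for line in lines:
        ts_raw, ip, meeting_id, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[ip]
        q.append((ts, meeting_id))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        if result == "valid" and meeting_id not in valid_hits[ip]:
            valid_hits[ip].append(meeting_id)
        if ip not in alerts and len({m for _, m in q}) > max_ids:
            # Shares the list object, so valid hits after the alert are included too.
            alerts[ip] = {"first_alert": ts, "valid_ids": valid_hits[ip]}
    return alerts


if __name__ == "__main__":
    for ip, info in detect_enumeration(build_sample_log()).items():
        print(ip, info["first_alert"].isoformat(), info["valid_ids"])
```

The same counter can drive enforcement at the join endpoint, for example by throttling or challenging a client once it crosses the threshold rather than only alerting.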

Thank you all for taking the time to read this. Do give a Clap if you found it interesting!
