How I found my first P1 level Bug. $$$

Hello Hunters,

This is my second blog. Today I will share a write-up about how I was able to see sensitive user information on a private program on Bugcrowd.

Before reading this report, go check out my first report.

Let's start …

I can't disclose the program name, so assume it is www.example.com

  1. I was testing for XSS on this website, so I started testing different parameters.
  2. So what I did was open Burp, capture the request and spider the host. I saw many parameters there.
  3. Testing that huge number of parameters would take a lot of time, so I tested 10–12 parameters, but got no results.
  4. Next I tried a stored XSS on the first name and last name fields, but I was not able to write the script into the first and last name. So I captured the request in Burp and changed the first name and last name, and dang, my script was stored, but unfortunately the script was not getting executed.
  5. So I thought to send the captured first name and last name request to Intruder, and I selected just those parameters.
  6. I have a payload list, so I just fired the payload list.
  7. Dang, I saw my payloads getting executed with 200 responses and a huge length.
  8. So I sorted by length and checked the response with the highest length. But still I was not able to get any XSS pop-up.
  9. I was checking each response, but no results.
  10. Suddenly I saw the URL in the browser; it was like https://something/api/xyz18/id
  11. I was able to see my own user ID number there. I found something juicy there, so I just changed the ID up and down and

BINGO

  12. I was able to see other users' data, which could easily be used by an attacker to scam users.

What I did was check more ID numbers; I didn't dig much into user information. I submitted the report to Bugcrowd and got a positive response from them.

My first P1 level bug.
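
The behaviour in steps 10 to 12 is a missing object-level authorization check: the API returns whatever record the ID in the URL names, without comparing it to the logged-in user. The sketch below is an added example, not the program's code; the records, the `Session` type and the function names are all hypothetical. It puts that behaviour beside a handler that enforces ownership and counts refused cross-user reads so they can be alerted on.

```python
# Added illustration: constructed records and hypothetical names throughout.
from collections import Counter
from dataclasses import dataclass

# Constructed sample data standing in for the API's user store.
USERS = {
    1001: {"id": 1001, "name": "Alice Example", "email": "alice@example.test"},
    1002: {"id": 1002, "name": "Bob Example", "email": "bob@example.test"},
}
DENIED = Counter()  # cross-user reads refused, per caller (feed to alerting)

@dataclass(frozen=True)
class Session:
    user_id: int
    is_admin: bool = False

def get_user_vulnerable(session, requested_id):
    """The behaviour described in the write-up: the id in the URL is trusted."""
    record = USERS.get(requested_id)
    return (200, record) if record else (404, None)

def get_user_hardened(session, requested_id):
    """Object-level authorization: the id must belong to the caller."""
    if session is None:
        return 401, None
    if requested_id != session.user_id and not session.is_admin:
        DENIED[session.user_id] += 1
        # Same status as a missing record, so replies do not reveal valid ids.
        return 404, None
    record = USERS.get(requested_id)
    return (200, record) if record else (404, None)

if __name__ == "__main__":
    me = Session(user_id=1001)
    print(get_user_vulnerable(me, 1002))  # other user's record is returned
    print(get_user_hardened(me, 1002))    # refused
    print(get_user_hardened(me, 1001))    # own record
```

A rising `DENIED` count for one caller is the server-side trace of someone stepping through IDs the way the steps above describe.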

What we learn:

We should check everything, even the small things. Sometimes the bug is in front of our eyes, but we never notice the small points.

I hope you like this post.

That’s all for today guys.


If you really are a hacker, then just give it a try!