GOOD RECON LEADS TO SENSSITIVE ACCOUNTS

Milanjain
3 min readJul 15, 2022

--

Hello people i have back with new hacking story !! . so yesterday i was hunting on one of the vdp program let’s consider it xyz.com . so let’s hack it !!

Let’s hack

so when i go to my target https://xyz.com I started recon first i start finding subdomains of my target by the using subfinder . and save it in file

subfinder -d xyz.com -o xyz_sub.txt

then i run some tools for finding bugs but i don’t find anything .

then i find waybackurls of my target

cat xyz_sub.txt | waybackurls | tee -a xyz_url.txt

then i found 10K+ urls and i was like

It is very hard to check each url then i think to find some login panels for sql injection …..

cat xyz_url.txt | grep “login” | httpx -mc 200

cat for opening urls files

grep to extract urls who contains login parameter inner them

httpx -mc 200 :- only whose urls who are alive / and on working phase

then i found some urls who but i try sql injection but do’nt work then i found two urls which looks same

https//subdomain/:fileter/status%5D=either&filters%5Buser_login%5D=name

https//subdomain/:fileter/status%5D=either&filters%5Buser_login%5D=name2

then i open the url in first my view i do’nt understand what is this…

then i again open this …

after some time i found that these are the employees account who translate companies documents . in this account i able able to access every detail about translate and also i am able to see employees details who are they and there name and when they join company . then i think lets try to edit these translates then i found a link you have to login to edit this translation . then i click on the link i found wordpress login panel ..

then i go to login panel who contains username and password .

i have username . but i am not sure it will work then i enter username ( name which i found in url) . boom !! it give me error password is incorrect for this username name . that means user is present in the database i can perform burth force attack to got access !! then i reported it ..

THANKS …

Follow for more ..

INSTAGRAM :-

https://www.instagram.com/m_i_lan___jain/

LINKEDLN:-

TWITTER

--

--

Milanjain

Hacker and bug bounty hunter secure Apple, IBM, Nokia,BlackBerry BBC fastmail upstox Hootsuite wefact + 90 more companies