Admin Account total Information Disclosure

Nishant Saurav
Jun 15 · 2 min read

Hi Everyone, this is my 2nd writeup on the issue I found on one of India’s premier website for sharing Startup and Tech News.

I was actually hunting for the “Source Code Disclosure” Vulnerability. To do so, I only captured the request i.e.

where ‘idnf’ is the identifier which could be anything.

But when one by one I started checking the Payload results. I opened a request/ Payload/ File named as ‘1’ as shown in the screen capture below.

The Vulnerability was pretty much straight forward. It was Information Disclosure and the Source Code Disclosure as well and that too at the admin level.

I was like...

The website was based on the WordPress and all the content including IP of the DB, admin panel, and the Database’s name, id, and password was contained in this file in the plaintext as shown in the screenshots below.

As soon as I got these Pieces of information I tried connecting and I was successful. So, Informed the owner of the website and they patched the issue fucking quickly. ( by quickly I meant, they hardly took 4 hours to recheck the issue and respond back to them for the bounty). So, I checked and confirmed the mitigation and on Wednesday I received my Bounty of $200. Not Big though but quite a good amount looking at the size of the company.

Thanks for being here reading till now. Please mention in comments if you need more information in my writeups if I am missing out something because I am new to all these articulating stuff.

If you have any questions you can always find me on Twitter from the link below.