How I Hacked BASF Company!!

Murtada Kamil
Oct 10 · 1 min read

Hi,

It's Murtada Kamil, a security researcher from Iraq.

I would like to share with you a bug that I found in BASF through their bug bounty program.

During my recent bug bounty hunt, I came across a critical and yet simple vulnerability.

First, I searched for subdomains of the company using VirusTotal.

There was one subdomain that got my attention.

I clicked on this site to see what was there

and b000m

So I could access the admin panel without any authentication, and I was able to edit, remove and upload anything.

The company fixed this bug by securing the panel with a mobile OTP or RSA token.
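As an added illustration of the two states described above (an admin panel reachable with no login at all, versus the same panel behind a login plus a one-time password), here is a small self-contained Python sketch. It is not BASF's code and not part of the original post; the `Session` object, the in-memory `AUDIT_LOG`, the route names and the RFC 4226/6238 test secret are all constructed for the example, and the OTP is verified with the standard library only.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# --- One-time password, RFC 4226 (HOTP) / RFC 6238 (TOTP), stdlib only ---

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 one-time password for a given counter (RFC 4226 dynamic truncation)."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the current 30-second window."""
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret: bytes, code: str, at_time: float, window: int = 1) -> bool:
    """Accept the current window plus `window` neighbours either side (clock drift).
    compare_digest keeps the comparison constant-time."""
    base = int(at_time // 30)
    return any(
        hmac.compare_digest(hotp(secret, base + drift), code)
        for drift in range(-window, window + 1)
    )


# --- The admin panel, before and after ---

@dataclass
class Session:
    user: Optional[str] = None     # None means an anonymous visitor (constructed)
    otp_verified: bool = False     # second factor completed in this session


AUDIT_LOG: list[str] = []          # constructed in-memory audit trail for denied requests


def admin_panel(session: Session) -> tuple[int, str]:
    """The protected resource. On the vulnerable site this handler was reachable
    directly, so any visitor could edit, remove and upload."""
    return (200, f"admin panel for {session.user}: edit / remove / upload")


def guarded_admin_panel(session: Session) -> tuple[int, str]:
    """Hardened entry point: a logged-in user AND a verified one-time password
    are both required before the real handler is ever called."""
    if session.user is None:
        AUDIT_LOG.append("deny: anonymous request to /admin")
        return (401, "authentication required")
    if not session.otp_verified:
        AUDIT_LOG.append(f"deny: {session.user} has no verified second factor")
        return (403, "second factor required")
    return admin_panel(session)


def complete_second_factor(session: Session, secret: bytes, code: str, at_time: float) -> bool:
    """Mark the session as OTP-verified only for a logged-in user with a valid code."""
    if session.user is not None and verify_totp(secret, code, at_time):
        session.otp_verified = True
    return session.otp_verified


if __name__ == "__main__":
    seed = b"12345678901234567890"        # RFC 4226 test secret, not a real key
    print("vulnerable:", admin_panel(Session()))
    s = Session(user="alice")
    print("no OTP   :", guarded_admin_panel(s))
    complete_second_factor(s, seed, totp(seed, 1000), 1000)
    print("with OTP :", guarded_admin_panel(s))
    print("audit    :", AUDIT_LOG)
```

The point of the contrast is that `admin_panel` itself never changes; what changes is that nothing can reach it except through `guarded_admin_panel`, and every refusal leaves a line in the audit trail that a defender can alert on.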

Timeline:

30/3/2018 Report Sent

02/04/2018 Triaged

17/5/2018 Listed in hall of fame

10/10/2019 Report disclosure

Thanks for reading

Security Researcher | 17 years old, from Iraq
