REMOTE CODE EXECUTION! 😜 Recon Wins

vishnuraj
Jun 4, 2019 · 2 min read

Hello to readers,

This article is about the funniest remote code execution that I have ever found in a public program on Bugcrowd. Of course, for privacy purposes, we will not disclose the name of the program, so let's call it abc.com.

So as always, I was following the regular Recon steps.

Step No#1: Information Gathering

Firstly, I visited the Bugcrowd platform and checked for a program. For a change, I tried a public program this time.

I saw their scope is wide: *.abc.com (which is the greatest relief for a bug hunter. Wide scope = more bugs :P)

Step No#2: Subdomain Mapping

Next I used the amass tool to look for subdomains of this domain.

From the scan result, I found a number of unused subdomains, which led me to narrow my search down to one in particular. Let's say that was beta.alpha.xyz.internal.abc.com.

Step No#3: Vulnerability Identification

After looking into it, I was shocked to see that the website I had found was hosting the Damn Vulnerable Web Application (DVWA). That looked weird.

Why would a website host something like DVWA, which has a motherload of vulnerabilities?


Step No#4: Penetration

I continued testing, logged in to the website with the default credentials "admin" / "admin", uploaded a PHP shell and got a reverse shell. It was still exploitable, but I stopped there and reported it to the program.
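As an added example that is not part of the original write-up, here is a small Python checker for the step above: it fingerprints a host for an exposed DVWA login page and tries default credentials against it. The markup details it relies on (the page title, the hidden user_token anti-CSRF field, the submit field named Login, the redirect to index.php on success) are assumptions about DVWA 1.9 and later rather than anything stated in the article, so verify them against the version you actually hit. DVWA's own README documents admin/password as the default login, and the author got in with admin/admin, so the script tries both. The two HTML snippets are constructed for offline testing.

```python
"""Added example, not code from the original write-up: fingerprint a host for an
exposed DVWA login page and try default credentials against it.

Everything about DVWA's markup here is an assumption to verify against the
version you actually find:
  - the login page <title> contains "Damn Vulnerable Web Application";
  - the login form carries a hidden anti-CSRF field named user_token
    (present since DVWA 1.9; older builds have no token);
  - the form posts username, password and a submit field named Login;
  - a successful login lands on index.php, a failed one back on login.php.
"""
import http.cookiejar
import re
import sys
import urllib.parse
import urllib.request

# Constructed sample pages for offline tests (not captured from any real host).
SAMPLE_DVWA_LOGIN = """<html><head>
<title>Login :: Damn Vulnerable Web Application (DVWA) v1.10</title></head>
<body><form action="login.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="Login" name="Login" />
<input type='hidden' name='user_token' value='c9ac6e1ab4a7f5e3b0d2f0e1a2b3c4d5' />
</form></body></html>"""

SAMPLE_OTHER_PAGE = ("<html><head><title>Welcome to nginx!</title></head>"
                     "<body><h1>Welcome to nginx!</h1></body></html>")

# Candidate defaults: DVWA's README documents admin/password; the article's
# author got in with admin/admin, so both get one try each.
DEFAULT_CREDS = [("admin", "password"), ("admin", "admin")]


def looks_like_dvwa(html: str) -> bool:
    """Content fingerprint: does the page announce itself as DVWA?"""
    return re.search(r"Damn Vulnerable Web Application", html, re.I) is not None


def extract_user_token(html: str):
    """Return the value of DVWA's hidden user_token input, or None if absent."""
    tag = re.search(r"<input[^>]*\bname=['\"]user_token['\"][^>]*>", html, re.I)
    if not tag:
        return None
    value = re.search(r"\bvalue=['\"]([^'\"]*)['\"]", tag.group(0), re.I)
    return value.group(1) if value else None


def build_login_form(username: str, password: str, token) -> bytes:
    """Encode the POST body login.php expects (token only if the page had one)."""
    fields = {"username": username, "password": password, "Login": "Login"}
    if token:
        fields["user_token"] = token
    return urllib.parse.urlencode(fields).encode()


def check_default_login(base_url: str, creds=DEFAULT_CREDS, timeout: float = 10.0):
    """Probe base_url (e.g. http://host/dvwa) for DVWA and try each default pair.

    Returns the (username, password) pair that logged in, or None.
    Only run this against hosts that are in scope for your engagement.
    """
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    login_url = base_url.rstrip("/") + "/login.php"
    with opener.open(login_url, timeout=timeout) as resp:
        if not looks_like_dvwa(resp.read().decode("utf-8", "replace")):
            return None
    for username, password in creds:
        # Re-fetch the form for every attempt: DVWA issues a fresh user_token
        # on each load of login.php (assumption; see module docstring).
        with opener.open(login_url, timeout=timeout) as resp:
            token = extract_user_token(resp.read().decode("utf-8", "replace"))
        body = build_login_form(username, password, token)
        with opener.open(login_url, data=body, timeout=timeout) as resp:
            if resp.geturl().endswith("/index.php"):
                return (username, password)
    return None


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: python dvwa_default_creds.py http://host/dvwa")
        sys.exit(2)
    hit = check_default_login(sys.argv[1])
    if hit:
        print("default credentials accepted:", hit)
    else:
        print("no DVWA login page, or no default credentials accepted")
```

Run it as `python dvwa_default_creds.py http://host/dvwa` against in-scope hosts only. A hit is already the reportable finding (a training application with default credentials exposed on a production domain); nothing needs to be uploaded to prove it.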


I got a quick response back from the program. I have never seen a bug get fixed this fast: within one hour everything was addressed and fixed.


Well, it was one of the weirdest and funniest bugs I have ever found. It was shocking to see a big, reputed company making a simple mistake like this.
Thanks to Bugcrowd and the team for helping to resolve the issue fast!!
