How I gained access to Sony’s database

This was a bug that I found back in 2017. It started when a friend of mine (a.k.a. 1337) showed me a T-shirt that he got from Sony. So I thought, why can’t I get one? So I started doing recon on the target. Sony had a wide range of domains and subdomains. I spent 2 days looking for a bug on Sony's main domain and I got nothing.

So I went for the next thing: acquisitions. Same result. So I thought I should do something else, so I started dorking.


And I landed in and found a subdomain. Due to the difficulty in understanding the Korean language, I didn’t know any of the options on the page.

Then something interesting happened page blah blah

So I changed the value of pagename to something else and boom, it redirected to that page. So let's try etc/passwd, and nothing happened.

But Why..?

Because the server is Microsoft IIS, you dummy.

In my experience I had never had a chance to exploit an IIS server, so let's search for resources. I found that the site uses JSP and has something called WEB-INF that contains the configuration.

And PayloadsAllTheThings gave me the perfect payload.


And I got this in response:

DB Configuration Files

I reported it to Sony, and they listed my name in their HOF and gave me a T-shirt.

Stay Creative and Happy HACKING
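
For defenders, one way to close the kind of bug described above, where a request parameter such as pagename selects the file the server returns. This is an added example, not code from the original post or from Sony; the class name PageResolver, the .jsp suffix and the content-root layout are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Pattern;

/** Added example: resolves a user-supplied page name to a file under one content root. */
public final class PageResolver {
    // Assumption: page names are short identifiers; separators, dots and '%' are never valid.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}");
    private final Path root;

    public PageResolver(Path contentRoot) throws IOException {
        this.root = contentRoot.toRealPath();   // canonical root, symlinks resolved
    }

    public Optional<Path> resolve(String pageName) {
        if (pageName == null || !SAFE_NAME.matcher(pageName).matches()) {
            return Optional.empty();             // rejects "/", "\", "..", encoded bytes
        }
        Path candidate = root.resolve(pageName + ".jsp").normalize();
        try {
            Path real = candidate.toRealPath();  // fails if the file does not exist
            boolean inside = real.startsWith(root);
            boolean protectedDir = false;        // defence in depth against symlinks
            for (Path part : root.relativize(real)) {
                String p = part.toString().toUpperCase(Locale.ROOT);
                protectedDir |= p.equals("WEB-INF") || p.equals("META-INF");
            }
            return inside && !protectedDir && Files.isRegularFile(real)
                    ? Optional.of(real) : Optional.empty();
        } catch (IOException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("pages");        // constructed sample tree
        Files.createFile(root.resolve("home.jsp"));
        Files.createDirectories(root.resolve("WEB-INF"));
        Files.createFile(root.resolve("WEB-INF").resolve("db.jsp"));
        PageResolver r = new PageResolver(root);
        for (String name : new String[] {"home", "etc/passwd", "WEB-INF/db", "..\\WEB-INF\\db"}) {
            System.out.println(name + " -> " + (r.resolve(name).isPresent() ? "served" : "rejected"));
        }
    }
}
```

Only the constructed page "home" resolves; the other three names are rejected before any file is opened.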