P1 Vulnerability in 60 seconds

Wh11teW0lf
Sep 5, 2018

In January 2018 I was invited to a private program on Bugcrowd with *.bountydomain.com scope.

I found 12 vulnerabilities on subdomains of this company and decided to look at the main site, which is located at www.bountydomain.com. I ran Wfuzz (I love Wfuzz much more than DirBuster) and found that a WordPress blog was running at https://www.bountydomain.com/blog/.

My first thought was: “Man, this is a new version of WordPress and a blog on the main site => no vuln”. But I decided to check this resource… and BINGO!!!

Wfuzz told me that the following URL returned a 200 status code: https://www.bountydomain.com/blog/_wpeprivate/config.json

This file disclosed an API key from WPEngine, the DB username, the DB password and so on.

Bounty: 1500$
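A site owner can catch this kind of exposure by auditing the document root on disk for JSON files that hold credential-like keys. The following is an added example, not code from the original post; the key-name pattern and the sample file contents are assumptions, and only key names are reported, never values.

```python
import json
import re
import tempfile
from pathlib import Path

# Key names that suggest a secret (assumed list; extend it for your stack).
SECRET_KEY_RE = re.compile(r"(pass(word|wd)?|secret|api[_-]?key|token|db[_-]?user)", re.I)


def secret_keys(node, prefix=""):
    """Yield dotted paths of credential-like keys in parsed JSON (never the values)."""
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            if SECRET_KEY_RE.search(str(key)) and not isinstance(value, (dict, list)):
                yield path
            yield from secret_keys(value, path)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from secret_keys(item, f"{prefix}[{i}]")


def audit_docroot(docroot):
    """Return {relative file path: [secret-looking keys]} for JSON files under docroot."""
    findings = {}
    for path in sorted(Path(docroot).rglob("*.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8", errors="replace"))
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON: nothing to inspect
        keys = sorted(secret_keys(data))
        if keys:
            findings[path.relative_to(docroot).as_posix()] = keys
    return findings


def demo():
    """Audit a constructed document root (sample keys are made up, not the real file's layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        private = Path(tmp, "blog", "_wpeprivate")
        private.mkdir(parents=True)
        sample = {"api_key": "EXAMPLE", "db": {"db_user": "example", "db_password": "EXAMPLE"}}
        (private / "config.json").write_text(json.dumps(sample))
        Path(tmp, "blog", "manifest.json").write_text(json.dumps({"name": "blog", "version": 2}))
        return audit_docroot(tmp)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any file this reports inside a web-served directory should be moved out of the document root or blocked at the web server, and the credentials in it rotated.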

Twitter: https://twitter.com/Wh11teW0lf

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew
