How I got Widget-Dev access to a site because of improper authorization

Hi everyone

Today I would like to talk about one of my interesting findings, in which I was able to bypass a Dev admin panel because of improper authorization. So let's come to the main point.

Let's keep the target anonymous. During subdomain enumeration I found one of their subdomains on which they managed widget settings and the like.

Now the game starts here:

Woah!! I was redirected to the dashboard and able to do whatever I wanted.

Check this blog for the difference between authentication and authorization HERE
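The post does not show the exact request that got through, so the following is an added illustration, not the author's code or the target's code: a toy server-side handler for a hypothetical widget dev panel, once with only a "logged in?" check (authentication), and once with the role check that authorization actually requires. The paths (/dev/widgets, /dev/widgets/settings), the session cookie names, the user names and the role names are all assumptions made for this example.

```python
"""Authentication vs authorization on a hypothetical widget dev panel.

Added example, not from the original post. Everything here is constructed:
the in-memory session store, the users, the roles and the routes.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed session store: session cookie value -> user record
SESSIONS: Dict[str, Dict[str, str]] = {
    "sess-dev-1": {"user": "widget_dev", "role": "widget-dev"},
    "sess-cust-7": {"user": "ordinary_customer", "role": "customer"},
}

PANEL_ROLE = "widget-dev"  # role the dev panel should demand (assumption)


@dataclass
class Request:
    path: str
    cookies: Dict[str, str]


@dataclass
class Response:
    status: int
    location: Optional[str] = None  # set on 302 redirects
    body: str = ""


Handler = Callable[[Request], Response]


def current_user(req: Request) -> Optional[Dict[str, str]]:
    """Resolve the session cookie to a user record, or None if not logged in."""
    return SESSIONS.get(req.cookies.get("session", ""))


def login_required(handler: Handler) -> Handler:
    """Authentication only: confirms *who* is calling, never *whether* they may.

    This is the shape of the bug the post describes: any logged-in account,
    including a plain customer, reaches the dev dashboard.
    """
    def wrapped(req: Request) -> Response:
        if current_user(req) is None:
            return Response(302, location="/login")
        return handler(req)
    return wrapped


def require_role(role: str) -> Callable[[Handler], Handler]:
    """Authentication *and* authorization, enforced server-side, deny by default."""
    def deco(handler: Handler) -> Handler:
        def wrapped(req: Request) -> Response:
            user = current_user(req)
            if user is None:
                return Response(302, location="/login")
            if user["role"] != role:
                return Response(403, body="forbidden")
            return handler(req)
        return wrapped
    return deco


def _dashboard(req: Request) -> Response:
    # The redirect the post mentions: entry point sends you to the dashboard.
    return Response(302, location="/dev/widgets/dashboard")


def _update_settings(req: Request) -> Response:
    # A state-changing panel action; it needs the same check as the entry page.
    return Response(200, body="widget settings updated")


# Vulnerable wiring: only "are you logged in?" on the panel routes.
VULNERABLE_ROUTES: Dict[str, Handler] = {
    "/dev/widgets": login_required(_dashboard),
    "/dev/widgets/settings": login_required(_update_settings),
}

# Fixed wiring: every /dev/* route carries the role check, not just the entry.
FIXED_ROUTES: Dict[str, Handler] = {
    "/dev/widgets": require_role(PANEL_ROLE)(_dashboard),
    "/dev/widgets/settings": require_role(PANEL_ROLE)(_update_settings),
}


def dispatch(routes: Dict[str, Handler], req: Request) -> Response:
    """Minimal router: unknown paths 404, everything else goes to its handler."""
    handler = routes.get(req.path)
    if handler is None:
        return Response(404, body="not found")
    return handler(req)


if __name__ == "__main__":
    customer = Request("/dev/widgets/settings", {"session": "sess-cust-7"})
    print("vulnerable:", dispatch(VULNERABLE_ROUTES, customer))  # 200, settings changed
    print("fixed:     ", dispatch(FIXED_ROUTES, customer))       # 403 forbidden
```

The point of wiring both routes the same way is the practitioner's caveat: a panel whose landing page is protected but whose API endpoints are not is still an improper authorization bug, so the role check belongs on every route under the panel, and a low-privilege session should be tested against each of them, not only against the page that redirects to the dashboard.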

I hope you enjoyed this. Thank you so much for your time.

Have a great bounty life!

Connect with me on Twitter: @aadesh_namdevv
