Yukesh Kumar [ 3th1c_yuk1 ]
Published in Techiepedia
4 min read · Nov 5, 2021

UNAUTHENTICATED ACCESS TO CLOUD PORTAL — A 🚪 WITHOUT 🗝️

Everything has moved to an offline mode, including my exams, so I don’t have time to hunt for bugs, but I have a VPS that runs 24/7. I recommend buying one; it’s very helpful in many ways.

Hello Ethic_Hackers,

I’m Yukesh, alias 3th1c_yuk1. In this blog, I’ll discuss unauthenticated access to a cloud portal through which I was able to do many things as an admin.

I was able to do the following things:

Create Organisation
Edit Organisation
Details of Members
Edit Profile

There are so many things I could do with this, and bug hunters know what we would do next… There are many more possibilities in this dashboard, but I didn’t go any further because it’s complicated and would affect every other user, so I reported it as it was, with an elaborated impact of what an attacker could do.

APPROACH:

I’ll always love recon. I always do some grepping in Linux, and yes, I love it. Whenever I get a large number of domains, I usually grep for interesting domains with specific keywords like…

Staging
Stg
Dev
Portal
Admin
…..etc…..etc…..

It’s up to you to find more. So after finding subdomains of the target, my script automatically passes all the keyword-grepped subdomains to httpx to check whether each host is up or not. Then it passes the alive hosts to EyeWitness (a tool designed to take screenshots of websites). After this, I get a notification like…

There is a tool created by ProjectDiscovery called Notify. You can use that too.
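The recon pipeline described above, as an added shell example that is not the author’s script: a keyword filter over a subdomain inventory, then hand-off to httpx, EyeWitness and notify only when those tools are installed. The filter anchors each keyword to a DNS label boundary, which goes beyond the plain grep in the post and avoids false hits such as “badminton” matching “admin”. The hostnames are constructed; the tool flags come from the tools’ own usage text, not from this page.

```bash
#!/usr/bin/env bash
# Added example, not the author's script: filter a subdomain inventory for
# hostnames that hint at staging, development or administrative surfaces,
# then (only if the tools are installed) hand the hits to httpx, EyeWitness
# and notify. The sample hostnames below are constructed.
set -eu

# Keywords from the write-up. Extend as needed.
KEYWORDS='staging|stg|dev|portal|admin'

# Keep only hostnames where a keyword starts a DNS label (optionally followed
# by digits, e.g. stg01). Anchoring to label boundaries avoids false hits such
# as "badminton.example.com" that a plain 'grep admin' would return.
filter_interesting() {
  grep -iE "(^|[.-])(${KEYWORDS})[0-9]*([.-]|$)" | sort -u
}

# Probe which hosts answer over HTTP(S). httpx reads hostnames on stdin and
# -silent prints only the live URLs. Passes input through unchanged when
# httpx is not on PATH, so the rest of the pipeline still works.
probe_alive() {
  if command -v httpx >/dev/null 2>&1; then
    httpx -silent
  else
    cat
  fi
}

# Screenshot the live hosts with EyeWitness and push a summary through notify.
# Each step is skipped when its tool is absent (tool flags assumed from the
# tools' own help output, not from the write-up).
screenshot_and_notify() {
  hosts_file="$1"
  outdir="${2:-eyewitness-out}"
  if command -v eyewitness >/dev/null 2>&1; then
    eyewitness -f "$hosts_file" --web -d "$outdir" --no-prompt
  fi
  if command -v notify >/dev/null 2>&1; then
    printf 'Recon finished: %s live host(s) listed in %s\n' \
      "$(wc -l < "$hosts_file" | tr -d ' ')" "$hosts_file" | notify -silent
  fi
}

# Constructed inventory standing in for the output of a subdomain enumerator.
SAMPLE_HOSTS='www.example.com
portal.example.com
stg01.example.com
badminton.example.com
dev-api.example.com
portal.example.com
mail.example.com
admin.internal.example.com'

# Demo run on the constructed list; no network access happens here.
# Prints admin.internal.example.com, dev-api.example.com, portal.example.com,
# stg01.example.com (duplicates collapsed, badminton excluded).
printf '%s\n' "$SAMPLE_HOSTS" | filter_interesting
```

To run it against a real inventory, replace the demo line with something like `filter_interesting < subdomains.txt | probe_alive > alive.txt && screenshot_and_notify alive.txt`; keeping each stage a separate function makes it easy to swap httpx or EyeWitness for whatever your own pipeline uses.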

Now it’s time to do manual recon. I simply visited all the grepped subdomains one by one. There were thousands of domains even after grepping by keyword, but still I tried to visit them one by one. After some time I got a weird subdomain with the name “portal” throwing an error message. You can see it here…

I tried to refresh it and all of a sudden I was logged into the dashboard, but after some seconds it threw the same error message: 502 Proxy error. I didn’t know what was happening there, so I kept the tab open to one side, checked the other subdomains, and ended up getting nothing.

So now I decided to check that subdomain once again.

First time — showed the error message.

Second time — loaded for a second and then showed the error message.

Third time — logged into the dashboard, but after some seconds showed the same error message.

I don’t know how I got this idea. I just opened a private tab (on mobile it is incognito mode), pasted the domain, and boom 💥 ended up in the dashboard without any error messages.

I don’t know how it works or how the developer set up this subdomain. I laughed to myself. I explored the whole application and got some sensitive API keys and much more.

Thanks to Aseem Shrey (@aseemshrey) for making a video on how to get free push notifications.

If you have any suggestions or doubts, you are always welcome…

TWITTER — https://twitter.com/3th1c_yuk1

LINKEDIN — https://www.linkedin.com/in/3th1cyuk1/

Do Follow Techiepedia for more Interesting write-ups.
