My Bug Bounty Write Ups (Part-1)
Hey everyone, in this blog I will explain how I found 3 bugs.
Bug Type: Business Logic
Get free access to the paid content with a single discount coupon
We have a target domain, some.redacted.com/product, where we can apply a personalized discount coupon and get a discount.
How I found it:
Got a coupon code from an event for one product.
But I wanted 3 more products :)
So I wanted to try every possibility that I could, and I started like this:
- Go to the purchase page and apply the discount coupon.
- Open another tab, browse to another product, and go to its purchase page.
- Apply the same discount coupon again; it is applied and the discounted price appears.
- Now you can buy all the products by clicking buy.
Note: This applies only to websites where discounts are calculated and applied before purchasing, not at the time of purchasing.
You can also use Burp to send all the requests at once, with the discounted requests for different products, so that the server processes them in parallel and the coupon code is applied to every product.
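The fix for this class of bug, as an added example that is not code from the target site: the coupon is redeemed at purchase time by one atomic conditional UPDATE, so parallel or multi-tab checkouts cannot all claim it. The table layout, the coupon code `EVENT-ONE`, the 50% discount and the function names are assumptions made for illustration.

```python
import sqlite3

DISCOUNT = 0.5  # constructed value: the coupon takes 50% off

def make_db():
    """In-memory store with one single-use coupon (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, "
                 "max_uses INTEGER, used INTEGER DEFAULT 0)")
    conn.execute("INSERT INTO coupons (code, max_uses) VALUES ('EVENT-ONE', 1)")
    conn.commit()
    return conn

def apply_coupon_flawed(conn, code, price):
    """Flawed: the discount is fixed when the coupon is applied to a cart and
    the redemption is never recorded, so every open cart gets the discount."""
    row = conn.execute("SELECT used, max_uses FROM coupons WHERE code = ?",
                       (code,)).fetchone()
    if row and row[0] < row[1]:
        return price * (1 - DISCOUNT)
    return price

def checkout_hardened(conn, code, price):
    """Hardened: the discount is decided at purchase time by a single atomic
    UPDATE that only succeeds while uses remain."""
    with conn:  # transaction: commit on success, roll back on error
        cur = conn.execute(
            "UPDATE coupons SET used = used + 1 "
            "WHERE code = ? AND used < max_uses", (code,))
        redeemed = cur.rowcount == 1
    return price * (1 - DISCOUNT) if redeemed else price

def demo():
    prices = [100.0, 200.0, 300.0]  # constructed: three carts, same coupon
    flawed = [apply_coupon_flawed(make_db(), "EVENT-ONE", p) for p in prices[:0]]
    conn = make_db()
    flawed = [apply_coupon_flawed(conn, "EVENT-ONE", p) for p in prices]
    conn = make_db()
    hardened = [checkout_hardened(conn, "EVENT-ONE", p) for p in prices]
    return flawed, hardened

if __name__ == "__main__":
    print(demo())
```

Because the check and the increment happen in one statement, the database serializes competing requests and only one of them sees `rowcount == 1`.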
Bug Type: Domain takeover via WordPress admin panel disclosure
I got access to the complete domain by simply creating a new user on a WordPress website.
How I found it:
The first thing I do when I get a target is check robots.txt, then fuzz the directories.
I started fuzzing www.redacted.com/FUZZ
Got /wp-admin
There was an option to create a new account, so I quickly created one, accessed the domain, and was able to modify the pages.
Bug Type: Sensitive Information disclosure via Directory Listing
I found a target, and it is a college-related website. So this time I thought of using Google Dorking, as it may contain students' file uploads.
How I found it:
Used Google dork:
site:redacted.com filetype:"pdf"
As expected, I found an offer letter uploaded by students in the path
www.redacted.com/aaa/bbb/ccc/uploads/[redacted].pdf
So I quickly browsed to www.redacted.com/aaa/bbb/ccc/uploads
And yeah, I found all the uploaded files there, which include a lot of sensitive information like personal mail, numbers, bank transactions and even Aadhaar card numbers.