Unintended Behaviour of domain got me P4

Takester
Sep 10, 2020

Hi friends,

I hope you are all doing well ✌️.

So this is my second writeup, about the bug that I found last month. Let's talk about it.

In my recon phase I got all the subdomains and Wayback data of the target website, for example “xyz.com”. Then I sent all the subdomains for screenshots. After getting screenshots of all the subdomains, I went through them one by one.

While looking into them I saw that one subdomain had an interesting endpoint, so I brute-forced that subdomain and got nothing interesting 😔. Fair enough, I moved on to the other subdomains to find something juicy, but at the end of the day I got nothing, and with that I went to sleep.

On the second day, when I woke up, I was going through the discoveries/data that I had gathered the previous day and I saw some results in the dirsearch folder. I went through them one by one, and by doing that I landed on the subdomain “subdomain.xyz.com”, which has /admin. When I visited it I got the admin login panel. I tried to brute-force it and got nothing. While brute-forcing the admin panel I noticed it has some “version and name at bottom of the page”. I googled it and got various results about it. I visited one of the results, for example “abc.com”, and I got the same page as I got on “subdomain.xyz.com”: the same directories, even the same account that I registered on “subdomain.xyz.com”. Wait, whatttt 🧐!!!

Then I looked up the domains with reverse lookup, dig, host, etc. and got to know that the domains “abc.com” and “xyz.com” belonged to different organizations… what 😲???

Then I quickly reported that issue and got my P4 🎉🎉🎉. So always go through your results, be curious, be pocky to find juicy stuff.

PS: Whenever you think something is not right, search about it and, if satisfied, report it. You may get a reward for it, or your report may even get rejected, but don’t lose hope!!!

I hope you guys learned something from it, and if so, give it a nice clap.

Thank you!! Keep hacking ✌️…
