Hello everyone,
I am Nitin Yadav (KD), back again with another write-up on some of my recent findings. So without wasting any more time, let's get to the bug and how I found it.
I had been hunting for a long time, but this month I was finding only P4s or duplicates, so I decided to hunt for some critical bugs. But there's a huge difference between thinking and doing. Hunting for critical bugs sounds like a piece of cake, but once you jump into the race you learn what it really is.
So I started searching for programs, and after half an hour I found one with a big scope (at least it had some wildcard domains 😅). The program doesn't allow disclosure, so let's call it site.com.
The site had only a few functionalities, but that wasn't the problem; the main problem was that I needed to find a critical P1 bug. So I started my recon process. I'll be sharing the tools and commands that helped me, and I hope they help you too.
Started with subdomain enumeration with
Subfinder
Assetfinder
Findomain
Some subdomain brute-forcing with
Shuffledns
URL extraction with
Gau and waybackurls
and much more, like port scanning, subdomain takeover scanning, gf patterns, JavaScript scanning, and directory fuzzing, but no luck. Still, I think recon is the key, as it increases the attack surface and helps find more bugs.
By this point I had a lot of information about my target, and it was time to check for bugs manually. So I opened up Burp Suite, set the scope, and went for it.
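The recon steps listed above, as an added example script that is not from the original post: it chains the tools named (subfinder, assetfinder, findomain, shuffledns, gau, waybackurls) into one pipeline and normalizes their output into a single deduplicated, in-scope subdomain list. The specific flags, the resolvers.txt and wordlist.txt files, and the extra httpx live-host probe at the end are my assumptions, not something the write-up states; check the flags against the versions you have installed.

```shell
#!/bin/sh
# Added example recon pipeline for the tools named in the write-up.
# Assumptions (not from the original post): tool flags as of the releases I
# have used, resolvers.txt and wordlist.txt supplied by you, and httpx
# (projectdiscovery's, not the Python one) as an extra step to keep only live
# hosts. Tools that are not installed are skipped.

# Normalize raw subdomain candidates from any of the tools into one clean,
# in-scope list: lowercase; drop schemes, paths, ports, leading wildcards and
# trailing dots; keep only names ending in the scope domain; dedupe.
# usage: merge_subdomains site.com < raw.txt
merge_subdomains() {
  scope_re=$(printf '%s' "$1" | sed 's/\./\\./g')
  tr 'A-Z' 'a-z' \
    | sed -e 's#^http[s]*://##' -e 's#/.*$##' -e 's/:[0-9]*$//' \
          -e 's/^\*\.//' -e 's/\.$//' \
    | grep -E "(^|\.)${scope_re}\$" \
    | sort -u
}

# Run enumeration, brute force, URL extraction and live-host probing.
# usage: run_recon site.com resolvers.txt wordlist.txt outdir
run_recon() {
  domain="$1"; resolvers="$2"; wordlist="$3"; out="$4"
  mkdir -p "$out"
  : > "$out/raw.txt"

  # Passive subdomain enumeration from three sources, merged below.
  if command -v subfinder >/dev/null 2>&1; then
    subfinder -d "$domain" -all -silent >> "$out/raw.txt"
  fi
  if command -v assetfinder >/dev/null 2>&1; then
    assetfinder --subs-only "$domain" >> "$out/raw.txt"
  fi
  if command -v findomain >/dev/null 2>&1; then
    findomain -t "$domain" -q >> "$out/raw.txt"
  fi
  # Active brute force with shuffledns (-mode is required on recent releases;
  # older ones take the same command without it).
  if command -v shuffledns >/dev/null 2>&1; then
    shuffledns -d "$domain" -w "$wordlist" -r "$resolvers" \
      -mode bruteforce -silent >> "$out/raw.txt"
  fi

  merge_subdomains "$domain" < "$out/raw.txt" > "$out/subdomains.txt"

  # Archived URL extraction for the whole scope (gau walks the wildcard
  # itself; waybackurls is fed the resolved subdomain list).
  : > "$out/urls.txt"
  if command -v gau >/dev/null 2>&1; then
    gau --subs "$domain" >> "$out/urls.txt"
  fi
  if command -v waybackurls >/dev/null 2>&1; then
    waybackurls < "$out/subdomains.txt" >> "$out/urls.txt"
  fi
  sort -u -o "$out/urls.txt" "$out/urls.txt"

  # Assumed extra step: keep only hosts that answer HTTP(S), so later
  # scanners (nuclei, directory fuzzing) are not wasted on dead names.
  if command -v httpx >/dev/null 2>&1; then
    httpx -l "$out/subdomains.txt" -silent > "$out/live.txt"
  fi
  wc -l "$out/subdomains.txt" "$out/urls.txt"
}

if [ "$#" -ge 4 ]; then
  run_recon "$@"
fi
```

Run it as `sh recon.sh site.com resolvers.txt wordlist.txt out/`. The normalization step matters more than it looks: the tools disagree on case, trailing dots and scheme prefixes, and without it the same host shows up several times and out-of-scope lookalikes such as evil-site.com or site.com.attacker.net slip into the list you later point scanners at.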
After 3-4 days of hunting, I got
And much more. But that's not what I wanted from it; I wanted to find a critical P1 but couldn't. So the next day I remembered a cool tool, nuclei, and thought, why not give it a try!
I started scanning with nuclei,
and within just 5 minutes I got 3 P3s (cross-site scripting) and a P1.
After seeing this I was like, what just happened? I was shocked to see that within 5 minutes I had got a critical.
Without wasting time I reported the bug to the company, and I'm now waiting for their response.
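The nuclei step above, as an added example that is not from the original post: it runs nuclei over the live hosts from recon and triages the JSON-lines output by severity and by unique template/host pair. The flags (`-jsonl` on current nuclei, `-json` on older releases), the `info.severity` and `template-id`/`host` fields, and the file names are my assumptions; the sample findings at the bottom are constructed for the demo, not real scanner output. Note that nuclei's severity is the template author's rating, while P1/P3 is the program's triage of a confirmed bug, so a "critical" hit still needs manual verification before it is reported.

```shell
#!/bin/sh
# Added example: run nuclei against the live hosts from recon and triage its
# JSON-lines output. Not from the original post. Assumptions: nuclei's JSON
# lines flag (-jsonl on current releases, -json on older ones), an
# "info":{"severity":...} field and "template-id" before "host" on each line,
# and the file names used below.

# usage: run_nuclei live.txt findings.jsonl
run_nuclei() {
  nuclei -l "$1" \
    -severity low,medium,high,critical \
    -rate-limit 50 \
    -jsonl -o "$2"
}

# Count findings of one severity in a nuclei JSONL stream on stdin.
# Prints 0 (instead of failing) when nothing matches.
# usage: count_severity critical < findings.jsonl
count_severity() {
  n=$(grep -c "\"severity\":\"$1\"" || true)
  printf '%s\n' "$n"
}

# Deduplicate by template and host: one XSS template firing on three
# parameters of the same host is one report, not three.
# usage: unique_hits < findings.jsonl
unique_hits() {
  sed -n 's/.*"template-id":"\([^"]*\)".*"host":"\([^"]*\)".*/\1 \2/p' | sort -u
}

# Print a severity summary, highest first, so the P1 candidates surface.
# usage: summarize_findings < findings.jsonl
summarize_findings() {
  tmp=$(mktemp)
  cat > "$tmp"
  for sev in critical high medium low; do
    n=$(count_severity "$sev" < "$tmp")
    if [ "$n" -gt 0 ]; then
      printf '%-8s %s\n' "$sev" "$n"
    fi
  done
  rm -f "$tmp"
}

# Constructed sample of nuclei JSONL output, trimmed to the fields used here.
# The critical entry is a placeholder; the post does not say what the P1 was.
SAMPLE_FINDINGS='{"template-id":"reflected-xss","info":{"name":"Reflected XSS","severity":"medium"},"host":"https://app.site.com","matched-at":"https://app.site.com/search?q=x"}
{"template-id":"reflected-xss","info":{"name":"Reflected XSS","severity":"medium"},"host":"https://app.site.com","matched-at":"https://app.site.com/search?lang=x"}
{"template-id":"reflected-xss","info":{"name":"Reflected XSS","severity":"medium"},"host":"https://blog.site.com","matched-at":"https://blog.site.com/?s=x"}
{"template-id":"placeholder-critical","info":{"name":"Placeholder critical finding","severity":"critical"},"host":"https://api.site.com","matched-at":"https://api.site.com/"}'

if [ "$#" -ge 2 ]; then
  run_nuclei "$1" "$2" && summarize_findings < "$2"
else
  printf '%s\n' "$SAMPLE_FINDINGS" | summarize_findings
  printf '%s\n' "$SAMPLE_FINDINGS" | unique_hits
fi
```

With no arguments the script triages the constructed sample (summary: critical 1, medium 3; three unique template/host pairs); with `sh scan.sh out/live.txt findings.jsonl` it runs the real scan. Keep `-rate-limit` in place on a program you do not own: the speed that made nuclei impressive here is also what gets scanners rate-limited or reported.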
I hope you enjoy this one and I see you next time ;)
Take care and happy hacking!