Hello Folks 👋,
Welcome again! Parth this side from BUG XS team.
I hope you got some information from my previous writing on Account Takeover Vulnerability. Today, I am going to discuss about a vulnearblity that I found on one of the most reputed airline company. At the end of the write up I have provided a video link that will help you to find sensitive data on the domain.
BUG XS community in their bug bounty batches teach some amazing ways to find out different vulnerabilities ranging from Open Redirect to XXE 💛. So, if you have any queries do not hesitate to reach out to us on our Instagram Profile. You can click on BUG XS to visit our Instagram page.
Now lets jump to the issue.
The power of bash scripting allowed to explore the target and look for different functionality while my recon stuff is done automatically by my bash script.I tried many different vulnerabilities there, ranging from Account Takeover to IDOR. After I was done with first cut hunting, I switched to my VPS to look out what other things my script bought for me.
To my surprise, my fuzzing tool bought me plethora of results. Some of them were of RTFS kind. (UKWIM, Read The Fucking Screen :-p ). But one thing caught my eye and that was SQL Log file.
This file was sensitive because it contained data like credentials, operations, File group, File type , File name and much more juicy things.
This was not it. When I saw the file structure of SQL and how the other files were stored, I was able to traverse from one directory to other as well. Although some directory where not found but still traversing through the directories helped me collect some more data.
Now I would like you to try the recursion while using any fuzzing tool.You can find best 5 usage of FFUF that will help you to find Sensitive data here.
If you read till here. Let’s Connect!
Instagram ( Community ) : https://www.instagram.com/bug_xs/
Website ( Community ) : https://www.bugxs.co/
Website (Personal ) : https://www.parthshu.com
I hope you found this productive! 🙌
See you soon guys ❤