Recently Discovered Several Bugs in a Private Program
Hello Hacker, I’m Raihan, also known as “zapstiko” on the Internet. I’m from India, and I recently discovered several bugs in a private program.
Bug Name
- Hard-coded cred found in Js file
- Information Disclosed in Response
- Insecure Direct Object Reference
Finding Section
Before beginning hunting any program, I use the Debugger in Firefox to analyze the js file. As I examined the JS file, I discovered Hard-coded cred in js file, but it’s encoded from, so I can see that it’s Base64. To confirm, open a new tab, search for CyberChef, copy the hard-coded cred from the js file, and input it here. After decoding the cred, try to log in, and I’m lucky, it works. Log in as a regular user. Then I attempted to several bugs in the login form, such as SQLI, Auth Bypass, XSS, and username enumeration but sadly not working.
A few hours later, all of a sudden I had an idea. I am aware that sometimes requests don’t reveal secret parameters. That's why I capture login request with valid cred through Burp Suite and “Do intercept” and forwarded requests repeatedly. It’s not getting interesting, but I discovered the endpoint “profile.php” sent to the repeater and used “Param Miner” to find a parameter. Fortunately, I found the parameter “useid” sent to the intruder and Brute-force with a random value “1–100” and saw that the response showed me “200 ok” send to the repeater and, boom! got admin information showing in response. I stopped thinking and was thrilled to create a report and send it to the company. After finishing this, I memories every step of the process. but I forgot that, I login using a regular user cred, but I found another admin information through a parameter. After a while, I smiled for myself and changed “userid” value “1” to “5" And received another information that reported another bug (IDOR).