Hi there, my name is Deep. I'm a cybersecurity student and this is my first blog. If there are any mistakes in my writeup, please let me know.
Story of how I found bug
One day I was just scrolling through the site where I found my critical bug, and I thought, let's look for vulnerabilities. So I decided to look at the register page. There I tried some XSS payloads, but I couldn't find anything there :(
Then, after a few minutes, I decided to look for an admin panel. I just typed /admin after the site URL and I got the admin panel.
Then I looked for the database the site was using with Wappalyzer, and the site was using a MySQL database.
Moving forward, I immediately put a simple and easy SQL payload right next to admin, like this (admin' OR 1 --), and in the password field whatever you like to enter.
POC
And by chance I got into the admin panel :). There I found the users' mobile numbers and email information.
I immediately decided to report it to the organization. However, this site was not included in any bug bounty platform. But because of my work and this critical vulnerability I got ₹2500 (Rupees) as a bounty.
I hope you like this blog! You can show me some love by hitting the clap button. Thanks for reading this to the end.
Here is my LinkedIn, feel free to connect with me.
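To show why the payload above works and what the fix looks like, here is an added example (my own illustration, not code from the original post or from the affected site). It assumes an in-memory SQLite table standing in for the site's MySQL database; the table layout, the sample accounts and the `login_vulnerable` / `login_safe` function names are all constructed for this example. The vulnerable login builds its query by string concatenation, so the quote in the input rewrites the SQL; the safe login binds the same input as a parameter and treats it purely as data. A small `looks_like_injection` helper shows the kind of coarse signal a login endpoint could log for alerting.

```python
"""Added example: the same admin-login bypass against a vulnerable query
and a parameterised one. SQLite is a stand-in for the site's MySQL
database; the table and rows below are constructed sample data."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one admin account and one ordinary user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "S3cretAdminPw!", "admin"), ("deep", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the WHERE clause by string concatenation (the bug).

    A quote in either field closes the string literal, and the `--`
    comments out the rest of the line, so the password check vanishes.
    Returns (username, role) of the first matching row, or None.
    """
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Same check with bound parameters: input is data, never SQL text."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


# Coarse detection signal for a login endpoint: a quote followed by a
# boolean operator, or an SQL comment marker. Intended for logging and
# alerting only; it has false positives (e.g. names like d'or) and is no
# substitute for parameterised queries.
_INJECTION_HINT = re.compile(r"'\s*(?:or|and)\b|--|/\*", re.IGNORECASE)


def looks_like_injection(value: str) -> bool:
    return bool(_INJECTION_HINT.search(value))


def demo() -> dict:
    """Runs the payload from the writeup against both login variants."""
    conn = make_db()
    payload = "admin' OR 1 --"
    return {
        "vulnerable": login_vulnerable(conn, payload, "anything"),
        "safe": login_safe(conn, payload, "anything"),
        "flagged": looks_like_injection(payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Against `login_vulnerable` the payload turns the query into `WHERE username = 'admin' OR 1`, which matches every row, and the first row returned is the admin account; against `login_safe` the same string is just an unknown username and the lookup returns nothing. The bound-parameter version is the fix the site needed; the detection helper only tells you that someone tried.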
