From Recon to P1 (Critical) — An Easy Win

  1. The application had a huge scope: *.target.com
  2. No specific application URL was out of scope
  3. Subdomain enumeration to increase the attack surface
  4. Finding juicy domains to work on
  5. Discovering directories with directory brute force
  6. Discovering hidden endpoints with brute force
  7. Manipulating application logic to bypass email validation
  8. Critically sensitive data ~ easy win!
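The outline above covers steps 1 to 6 of the recon phase without showing how they fit together. The following is an added example, not code from the original post, that ties the wildcard scope to the enumeration steps: a strict in-scope check for `*.target.com`, a generator for subdomain and directory brute-force candidates from a wordlist, and a resolver that first probes for wildcard DNS so that a catch-all record does not report every guess as alive. The root `target.com`, the wordlists and the base URL are placeholders assumed for illustration; none of the hostnames are from the write-up.

```python
# Added example (not from the original post): recon helpers for a
# wildcard-scope engagement such as *.target.com. The root domain,
# wordlists and base URL below are constructed placeholders.
import socket
import uuid
from itertools import product
from urllib.parse import urljoin

SCOPE = "target.com"  # assumption: the wildcard root from the programme brief


def in_scope(host: str, root: str = SCOPE) -> bool:
    """True only for the root itself or a genuine subdomain of it.

    A bare suffix match would accept 'nottarget.com' and a substring match
    would accept 'target.com.evil.net'; both are classic mis-scoping bugs.
    Case, a trailing dot and a port are normalised away first.
    """
    h = host.strip().lower().rstrip(".").split(":")[0]
    r = root.lower().rstrip(".")
    return h == r or h.endswith("." + r)


def subdomain_candidates(words, root=SCOPE, depth=2):
    """Yield 'w.root' then 'w1.w2.root' combinations from a wordlist, deduplicated."""
    seen = set()
    for n in range(1, depth + 1):
        for combo in product(words, repeat=n):
            cand = ".".join(combo) + "." + root
            if cand not in seen:
                seen.add(cand)
                yield cand


def dir_candidates(base_url, words, extensions=("", ".bak", ".json", ".php")):
    """Build the URLs a directory/endpoint brute force would request."""
    base = base_url.rstrip("/") + "/"
    return [urljoin(base, word + ext) for word in words for ext in extensions]


def wildcard_ip(root=SCOPE, timeout=2.0):
    """Resolve a random label; if it answers, the zone has wildcard DNS (needs network)."""
    socket.setdefaulttimeout(timeout)
    try:
        return socket.gethostbyname(f"{uuid.uuid4().hex}.{root}")
    except socket.gaierror:
        return None


def resolve(hosts, root=SCOPE, timeout=2.0):
    """Resolve in-scope candidates, dropping hits that only match a wildcard record (needs network)."""
    noise = wildcard_ip(root, timeout)
    alive = {}
    for h in hosts:
        if not in_scope(h, root):
            continue  # never touch anything outside the wildcard scope
        try:
            ip = socket.gethostbyname(h)
        except socket.gaierror:
            continue
        if ip != noise:
            alive[h] = ip
    return alive


if __name__ == "__main__":
    words = ["api", "dev", "staging", "admin"]  # constructed wordlist
    subs = list(subdomain_candidates(words))
    print(f"{len(subs)} subdomain candidates, e.g. {subs[:3]}")
    print(dir_candidates("https://dev." + SCOPE, ["admin", "backup"])[:4])
    # resolve(subs) would perform the live DNS step.
```

The resolver intentionally checks scope per host rather than per wordlist, so a candidate that was pasted in from a certificate-transparency or search result (where `target.com.evil.net`-style names are common) is rejected before any packet is sent.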

Security Engineer | Bugcrowd Top 150 & MVP| Synack Red Teamer | Cobalt Core Pentester | Bug Hunter | Author | Speaker | Learner | Poet | Twitter — @harshbothra_
