Recon to Admin Credentials Disclosure



Vulnerability: Information leakage due to improper error handling


It all started with a cup of tea and the curiosity to hack into my mobile network provider. I usually start my recon by firing Google dorks and Sniper. Since the name of the company can't be disclosed, let's substitute it with xyz.com.

Firing this dork, inurl:xyz, I was able to get my target; the site looked like a VPBX portal for marketing businesses and call centers:

I tried DirBuster but wasn't able to find anything, and only the default HTTP and HTTPS ports were open. Since nothing else was left, I tried filling in the "Request a Free Demo" form with fake details (to avoid spam), and BOOM! This error showed up:
And the error leaked some credentials:

TIME TO EXPLOIT:

Since the database was only reachable on an internal IP, I wasn't able to use its credentials from outside; however, I got access to the company's SendGrid account, which was enough:
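What "improper error handling" looks like in code, as an added example (this is not the target's code and not from the original post): a constructed demo-request handler that echoes a library exception, secrets and all, straight to the client; the hardened version of the same handler, which logs the details server-side and returns a generic message; and a small scanner that flags credential-shaped strings in a response body. The SendGrid key format and the connection-URI pattern are assumptions, and both secret values are fake placeholders built to match those shapes.

```python
import logging
import re

# --- Constructed stand-in for a "Request a Free Demo" backend (hypothetical, not the target's code) ---
# Both secrets are fake placeholders in the right *shape* so the scanner below has something to find.
DB_DSN = "mysql://vpbx_app:Example-Pass-123@10.0.0.5:3306/vpbx"   # constructed, internal-only host
SENDGRID_API_KEY = "SG." + "A" * 22 + "." + "B" * 43               # constructed; SendGrid key format (assumed)


class MailBackendError(Exception):
    """Simulates a mail/database client failing with a message that embeds its configuration."""


def send_demo_request(email, api_key, dsn):
    # Constructed failure: many client libraries put the DSN or API key into the exception text.
    raise MailBackendError(
        f"could not deliver demo request for {email}: db={dsn} sendgrid_key={api_key}"
    )


def demo_handler_vulnerable(form):
    """Improper error handling: the raw exception (secrets included) is echoed to the client."""
    try:
        send_demo_request(form["email"], SENDGRID_API_KEY, DB_DSN)
        return 200, "Thanks, we will be in touch."
    except Exception as exc:
        return 500, f"Internal Server Error: {exc!r}"


def demo_handler_hardened(form):
    """Same flow, but failure details stay in the server log and the client gets a generic message."""
    try:
        send_demo_request(form["email"], SENDGRID_API_KEY, DB_DSN)
        return 200, "Thanks, we will be in touch."
    except Exception:
        logging.getLogger("demo").exception("demo request failed")  # full traceback server-side only
        return 500, "Something went wrong; please try again later."


# --- Recon-side check: scan an HTTP response body for credential-shaped strings ---
SECRET_PATTERNS = {
    # SendGrid API keys: "SG." + 22 chars + "." + 43 chars (assumed format).
    "sendgrid_api_key": re.compile(r"SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}"),
    # Connection URIs carrying a password: scheme://user:password@host...
    "db_connection_uri": re.compile(
        r"\b(?:mysql|postgres(?:ql)?|mongodb|redis)://[^\s'\"<>@:]+:[^\s'\"<>@]+@[^\s'\"<>]+"
    ),
}


def find_leaked_secrets(body):
    """Return {pattern_name: [matches]} for every credential-shaped string found in `body`."""
    hits = {}
    for name, pattern in SECRET_PATTERNS.items():
        found = pattern.findall(body)
        if found:
            hits[name] = found
    return hits


if __name__ == "__main__":
    form = {"email": "demo@example.invalid"}   # constructed fake submission
    for label, handler in (("vulnerable", demo_handler_vulnerable), ("hardened", demo_handler_hardened)):
        status, body = handler(form)
        print(f"[{label}] HTTP {status}: leaked = {find_leaked_secrets(body)}")
```

The fix on the application side is the hardened handler: never let exception text, stack traces or framework debug pages reach the client, and keep the detail in server logs. Anything already exposed this way (here, the SendGrid key and the database password) has to be rotated, not just hidden, since copies may exist in proxy logs and search caches. The scanner is the kind of quick check worth running over every error response you trigger during recon; extend SECRET_PATTERNS with whatever other key formats your target's stack uses.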


Best Regards,
@Hx01


