Lessons For Today
My automation was complete, I had results waiting for me when I woke up, and I found 12 vulnerabilities in total today: some under the same class on different endpoints, and some I will most likely not report, such as the broken link hijacking (informative in most programs).
1x Unauthorized Access to the Admin Endpoint
1x Broken Link Hijacking in Admin Endpoint
1x Email forgery via Broken Access Control
1x Salesforce-based Vulnerability
2x Grafana-based Vulnerabilities
3x Misconfigured AWS Buckets
3x WordPress-based Vulnerabilities
In one of the previous days I mentioned how I was adding “Salesforce” based endpoints to my methodology. It seems to be worth it, because I found a vulnerable domain and the only thing left for me to do is exploit it (won’t happen today). This proves my point that “Quality Program + Quality Scope + Quality Methodology = Quality Results”. Want to improve? Improve every area of that formula, and you’ll start seeing results. Or at least, that’s my philosophy; I wanted to put it to the test and it passed.
I obviously won’t get into details about these vulnerabilities, but my current goal is to get at least 1 report triaged, because when it comes to reports, things are always unpredictable. I’ll play my role as a hacker and hope for the best outcome. In my opinion, today was a successful day: I found a couple of vulnerabilities, and the only thing left is for me to report them. It’s a weekend, so I’ll keep hacking, and when the time comes I’ll dedicate an entire day to writing reports.
I’d like to leave you with a message I found while hacking today, I was not expecting to see this but a juicy response from the server, it put a smile on my face, hopefully it’ll put a smile on yours too :)
Thank you for taking the time to read through my post. Take care.
For updates — Twitter: https://twitter.com/wallotry/
To send me private program invites — HackerOne: https://hackerone.com/wallotry