Hello friends, I hope you are hunting well in this pandemic. In this writeup I will tell you how I got into a Hall of Fame. Actually, it was not accidental but “Observation wins”. So, without wasting time, let’s get started.

As usual, I was hunting on responsible programs. So, I chose a Netherlands university as a target. I did basic recon and started observing: sensitive endpoints, how the web application works, what its features are, and where to find critical vulnerabilities.

After spending 30 minutes, I found there was a file upload feature where students can upload their social media’s shout app on their main domain. There was file upload validation: extensions like jpeg, mp4, docx. I bypassed it and could upload anything I wanted. Yes, you are right: an unrestricted file upload bug. I quickly made a proof of concept and reported it. (29 Jun. 2020)

I got a mail. They said, “The page doesn’t seem to exist (anymore).” After reading this mail, I visited that web page again. And guess what: 404 not found.

Control…

Again, I started hunting on subdomains, and I found an error-based SQL injection. I was feeling happy 😊. I ran sqlmap and got the database. I took a screenshot and reported it. (09 Jul. 2020)

Their response

I thought, where am I making a mistake? I think I need a break. One day I came across @adityashende’s tweet; in this tweet there was a dork for CVE-2018-20824 (Jira XSS).

I started working on it and tried to find a vulnerable Jira Confluence. I found that one domain was vulnerable to this CVE (i.e. jira.redacted.org). Then I visited the main domain redacted.org and found my targeted university’s name in the footer.

Proof of Concept

I said to myself, “Okay…, let me report this first.” Then I reported it and I was like, finally a win!

Mail response: “Thank you for the report. We are trying to inform the administrator. As this seems to be a personal project outside of our network that takes some time. In the meantime I wanted to ask whether you would like to be mentioned in our Hall of Fame.”

Relief

Tip: If you find a vulnerability, check the footer, Privacy Policy, security, etc.

Instagram: th3.d1p4k

Twitter: Dipak Panchal

Bug hunter | CCSE