How I hacked into their private server?

Hey guys,

Today I am going to explain a cool hack from one of my recent findings. First, I was surfing the site (site name not disclosed because it was a private site). This site was very important, as most of the internal business functions, like handling transactions, were maintained via this portal.

I was surfing to figure out anything on this private site. To my woes, after working for 2 hrs I could not find anything that caught my interest. My reaction was like:

[image: crying meme]


So I decided to give up, as I was tired enough after a day-long stretch of work on various projects. Before signing off, I thought to check whether a sub-domain existed for the site or not.


I started my customized sub-domain bruteforcer for the site, and it found a site which took my interest: transactions.abcd.com (sorry, I could not disclose the name here).

I thought to check the subdomain, but the moment I loaded the domain in my browser I got an error.
 

I thought, OK, let's try to find a valid page. So I enumerated the domain for valid pages. I found only one page (the login page of the subdomain).
 

But what next? It looked like another dead end for me, as guessing a valid username and password is something very difficult.

But I thought, let's try to check the login procedure before I completely surrender and head for a nice sleep. :(

I just gave a dummy username and password and got ready to capture the request to investigate the cookies and other stuff.
 

The site threw a failure response, but nothing was captured... I knew I had hit a jackpot.
 

That means the site is checking the username or password using a JavaScript file. It was time to hunt for the JavaScript file loaded with the page.

I figured out the JavaScript file: events.js

Opening the file, I was just walking on air, because the file contained all the juicy information an attacker needs to do whatever he wants with the server.

So now it's time for signing off.
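
For site owners, the pattern described above can be caught before a script ships. The following is an added example, not code from this post or from the site: a small audit that flags credentials compared or stored as literals in a client-side script and notes when the login never sends a request to a server. The sample script, the names and the regex patterns are constructed assumptions.

```javascript
// Added example: flags login logic that is decided entirely in the browser.
// SAMPLE_EVENTS_JS is constructed for illustration; it is not the file from the post.
const SAMPLE_EVENTS_JS = [
  'var dbPassword = "example-db-pass";',
  'function doLogin() {',
  '  var user = document.getElementById("user").value;',
  '  var pass = document.getElementById("pass").value;',
  '  if (user == "admin" && pass === "example-pass") {',
  '    window.location = "home.html";',
  '  } else {',
  '    alert("Login failed");',
  '  }',
  '}',
].join('\n');

// Heuristic patterns (assumptions of this example, tune them for your code base).
const NAME = '[\\w$.]*(?:user|login|pass|pwd|secret|token|apikey)[\\w$.]*';
const STR = '(?:"[^"\\n]+"|\'[^\'\\n]+\')';
const COMPARE = new RegExp(`${NAME}\\s*===?\\s*${STR}|${STR}\\s*===?\\s*${NAME}`, 'i');
const ASSIGN = new RegExp(`${NAME}\\s*[:=]\\s*${STR}`, 'i');
const NETWORK = /\bfetch\s*\(|XMLHttpRequest|\.submit\s*\(|\$\.(?:ajax|post)\s*\(/;

function auditLoginScript(source) {
  const findings = [];
  // Never echo the literal itself into build logs.
  const redact = (t) => t.trim().replace(new RegExp(STR, 'g'), '"<redacted>"');
  source.split('\n').forEach((text, i) => {
    const kind = COMPARE.test(text) ? 'literal-credential-compare'
      : ASSIGN.test(text) ? 'hardcoded-credential-literal' : null;
    if (kind) findings.push({ line: i + 1, kind, text: redact(text) });
  });
  // A credential comparison with no request to a server matches the symptom in
  // the post: a "login failed" message while the proxy captured nothing.
  const compares = findings.some((f) => f.kind === 'literal-credential-compare');
  if (compares && !NETWORK.test(source)) {
    findings.push({ line: 0, kind: 'no-server-roundtrip', text: 'login decided client-side' });
  }
  return findings;
}

for (const f of auditLoginScript(SAMPLE_EVENTS_JS)) {
  console.log(`${f.line}\t${f.kind}\t${f.text}`);
}
```

A finding of any kind means the check belongs on the server, with the script sending the submitted values over HTTPS and holding no credentials of its own.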






 