Using XAMPP and Burp Intruder when scanning for subdomains to look for interesting behaviour & code

  • Scraped for subdomains using basic tools
  • Ran these through Burp Intruder to check the results and mass-grep for certain keywords (“url:”, for example, to look for any potential AJAX requests; also “XMLHttpRequest”, “POST”, etc.)
  • Found an interesting domain which made use of AJAX requests; saw that after it had authenticated it would redirect to /dashboard
  • Visited /dashboard and was automatically redirected, but noticed it was simply a META refresh and the page contents had actually loaded as well.
  • Browsed the contents loaded (view-source:) and saw even more JavaScript code making requests to an appspot.com domain which took a user's ID as a parameter. What does this do..?
  • Attempted to query this endpoint and discovered I could reveal information on any user, fully unauthenticated, using the encrypted ID it responded with on another endpoint on a separate subdomain.
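The same triage can be done offline by an application owner auditing their own subdomains. The script below is an added example (not the author's tooling): it runs the keyword grep described above over saved response bodies, flags pages that "redirect" with a META refresh while still shipping scripts and content, and lists the cross-origin hosts those scripts talk to. All URLs and bodies are constructed sample data, not from the original post.

```python
import re

# Constructed sample responses standing in for a subdomain sweep (not real sites).
SAMPLE_RESPONSES = {
    "https://app.example.com/dashboard": """<html><head>
<meta http-equiv="refresh" content="0; url=/login"></head>
<body><script>
var xhr = new XMLHttpRequest();
xhr.open("POST", "https://example.appspot.com/user?id=" + userId);
</script></body></html>""",
    "https://static.example.com/": "<html><body><h1>Static assets</h1></body></html>",
    "https://www.example.com/login":
        '<html><script>$.ajax({url: "/api/session", type: "POST"});</script></html>',
}

# Keywords the write-up greps for; matched case-insensitively.
KEYWORDS = ("url:", "xmlhttprequest", "post")
META_REFRESH = re.compile(r'<meta\s+http-equiv=["\']refresh["\']', re.I)
HOST_RE = re.compile(r'https?://([a-z0-9.-]+)', re.I)


def external_hosts(url, body):
    """Hosts referenced in the body that are outside the scanned site's base domain."""
    own = url.split("/")[2]
    base = ".".join(own.split(".")[-2:])          # e.g. example.com
    return sorted({h for h in HOST_RE.findall(body) if not h.endswith(base)})


def triage(responses):
    """Return per-URL findings: keyword hits, META refresh, content served
    despite the refresh, and third-party hosts contacted by page scripts."""
    findings = {}
    for url, body in responses.items():
        lower = body.lower()
        meta = bool(META_REFRESH.search(body))
        has_script = "<script" in lower
        findings[url] = {
            "keywords": [k for k in KEYWORDS if k in lower],
            "meta_refresh": meta,
            # A client-side refresh that still delivers scripts/content is the
            # pattern to fix with a server-side redirect and no body.
            "content_behind_refresh": meta and has_script,
            "external_hosts": external_hosts(url, body),
        }
    return findings


if __name__ == "__main__":
    for url, f in triage(SAMPLE_RESPONSES).items():
        print(url, f)
```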

Takeaways

--

--

--

UK WebApp Security Researcher. Creator of BugBountyHunter— designed to help people learn and get involved with hacking. zseano.com & bugbountyhunter.com

Sean (zseano)