P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC
Hey Guys,
So This blog is a short blog about a P1 issue i found in a site it was a really simple and maybe a common issue, So I got invited to a site and the first thing i mostly do is to check github.com for issues related to that site & also code etc, so i searched in github.com
Now in search i saw a file named
“report.js” created by someone from the firm and upon checking the file t contains login info of an account
},
{
"cells": [
"[email protected]",
"Password123!"
],
So Now the Next Thing for me was to try to login to the target site using the information i got from Github so i did try login and surprisingly i was logged-in
Now To see More of it’s impact the site has this in their FOCUS AREAS of the policy
“https://help.mytarget.com login via SSO”
so I went to https://help.mytarget.com/ and clicked login and because i was already logged-in to the root account i was also logged-in to the help center and i was able to see all of the support tickets of others made to help center and as i was in an Employees Account i was able to see all tickets made to the organisation Some of the tickets contains tokens, api keys, passwords, and PII of their customers
Thanks For Reading 🙂
Discover more from Security Breached Blog
Subscribe to get the latest posts sent to your email.
In general What things you look for when searching github?