P1 Like a Boss | Information Disclosure via Github leads to Employee Account Takeover | Bug Bounty POC

Hey Guys,


This is a short write-up of a P1 issue I found on a private program. It was a simple, and probably common, issue. After I got the invite, the first thing I usually do is search github.com for anything related to the target: source code, configuration files, and any file that mentions its domains. So I searched github.com for the target's domain.


In the search results I saw a file named “report.js”, committed by someone from the company. On inspection, the file contained the login details of an account:

```json
 },
    {
      "cells": [
        "email+30@mytarget.com",
        "Password123!"
      ],
```
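The two things this finding relies on are (1) picking search terms that surface files mentioning the target's domain and (2) spotting a credential pair once such a file is in hand. The script below is an added example of that workflow, not code from the original post. It builds a few GitHub code-search queries for a domain and then scans a JSON document for a target-domain e-mail address sitting next to a non-empty string in the same array, which is exactly the shape of the leaked fragment above. The sample document, the query terms and the function names are constructed for this example; only the e-mail, password and domain strings come from the post.

```python
import json
import re

# Constructed sample, modelled on the leaked fragment described above:
# an export file checked into a public repository whose rows are
# "cells" arrays with an e-mail address and a password side by side.
SAMPLE_REPORT = """
{
  "rows": [
    {"cells": ["ticket-4401", "open", "billing"]},
    {"cells": ["email+30@mytarget.com", "Password123!"]},
    {"cells": ["someone@example.org", "hunter2"]},
    {"cells": ["ops@mytarget.com", ""]}
  ]
}
"""

# Loose RFC-5322-style address; group 1 captures the domain part.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def github_dorks(domain):
    """GitHub code-search queries a tester would start with for a target domain.
    The qualifier-free syntax works in both old and new GitHub code search;
    the choice of terms is this example's, not a standard list."""
    return [
        f'"@{domain}" password',
        f'"@{domain}" passwd',
        f'"{domain}" api_key',
        f'"{domain}" secret',
    ]


def in_scope(email, domain):
    """True if the mailbox belongs to the target domain or one of its subdomains."""
    m = EMAIL_RE.match(email)
    if not m:
        return False
    host = m.group(1).lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def _walk(node):
    """Yield every list found anywhere inside a parsed JSON document."""
    if isinstance(node, list):
        yield node
        for item in node:
            yield from _walk(item)
    elif isinstance(node, dict):
        for value in node.values():
            yield from _walk(value)


def find_credentials(text, domain):
    """Return (email, password) pairs where an in-scope e-mail address is
    immediately followed by a non-empty string in the same JSON array.
    Empty passwords are skipped so a blank export column is not reported."""
    doc = json.loads(text)
    hits = []
    for arr in _walk(doc):
        for i in range(len(arr) - 1):
            a, b = arr[i], arr[i + 1]
            if isinstance(a, str) and isinstance(b, str) and b and in_scope(a, domain):
                hits.append((a, b))
    return hits


if __name__ == "__main__":
    for q in github_dorks("mytarget.com"):
        print("search:", q)
    for email, pw in find_credentials(SAMPLE_REPORT, "mytarget.com"):
        print(f"candidate credential: {email} / {pw}")
```

Run against the constructed sample it reports only `email+30@mytarget.com / Password123!`: the `example.org` row is out of scope and the `ops@` row has an empty password. Adjacent-string matching is deliberately simple; real exports also hide credentials in key/value objects, so a production scanner would add a pass over dictionary values keyed by names such as `password` or `token`.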

The next step was to try logging in to the target site with the credentials from GitHub. I did, and to my surprise the login succeeded.

To assess the full impact, I looked at the program's policy. Its FOCUS AREAS list includes:

“https://help.mytarget.com login via SSO”

So I went to https://help.mytarget.com/ and clicked login. Because I already had a session on the root site, SSO signed me straight into the help center without any further prompt. That is the part that turned a leaked password into a P1: one compromised session on the identity provider is trusted by every application behind it. Since this was an employee account rather than a customer one, the help center showed me every support ticket submitted to the organisation, not just those belonging to a single user. Some of those tickets contained tokens, API keys, passwords, and PII of the company's customers.


Thanks For Reading 🙂

About the Author

Muhammad Khizer Javed

Ethical Hacker, Bug Bounty Hunter/ Pentester & Gamer
