November 5, 2018
Share

Hacking a Company Through help desk – Ticket Trick | Bug Bounty POC

by

Hey,

 

So First of all before i start writing about this issue i want you guys to read the blog about Ticket Trick it was written by Inti De Ceukelaire (Thanks to him for sharing this and help us work on it to secure more companies ). This blog is just about my experience with this issue and how i use this issue and got access to help center of a website.

So i got invited to a site and at first glance the site looked pretty secured but one thing i noticed was a simple issue but this issue can be changed into a big one the issue was that when i did Sign Up on the website i was taken straight to my dashboard instead of sending an email or asking me to confirm email address either it belongs to me or not so i was really curious about what i can do with this

 

Now the second thing i did was to visit https://support.mytarget.com/ and see if they use SSO (Single Sign On) so that i can login to support.mytarget.com using the same account that i have at www.mytarget.com and yes now i know 2 things about my target

  1. The Target does not ask for any verification at Sign Up
  2. The Target Use SSO for support portal

 

 

Now I created a new Account this time using the email [email protected]

 

 

And Yes I was Logged Inn to the Account Already but now here there was another thing about the site the site had like a separate account you have to apply for from your company email so when i used [email protected] i basically bypassed the approval process and was in almost completely different account from normal user because i had agent tools etc that a normal user account didn’t have .

 

So now after Getting Access to my new account all i had to do was to visit https://support.mytarghet.com/ and Click Login i’ll get redirected to www.mytarget.com/sso….. and will be logged in to support.mytarget.com after that i simply went to my activities tab and DOOM! 🤯 🤯 🤯 🤯 🤯 🤯 🤯 🤯

 

And That’s all a lot of tickets had passwords, even banking details etc

Now Fun Time the program i was testing had multiple domains in scope but all were connected to one account so creating accounts using emails of all other domains and then checking their support portals i got access to many Support tickets i.e

 

 

And that’s All for This blog takeaways from this blog is to always try to abuse the working of an application in order to hack it…

Discover more from Security Breached Blog

Subscribe to get the latest posts sent to your email.

Tags:

MuhammadKhizerJaved

Dedicated and seasoned cybersecurity professional with over 8 years of active engagement in Bug Bounty Hunting, complemented by 4 years of experience as a Penetration Tester. Skilled in web and mobile application security testing and vulnerability assessment, I am actively involved in platforms like HackerOne and Bugcrowd. My contributions in the Bug Bounty arena have been recognized by over 200 reputable organizations, including Apple, Google, Facebook, The Government of Singapore, and The US Department of Defense. As an advocate for community growth, I actively contribute as a speaker, conducting sessions in local universities and presenting talks at various security conferences, both locally and internationally, including twice at BlackHat MEA, With a passion for growth, Always happy to connect with fellow security practitioners.

One reply on “Hacking a Company Through help desk – Ticket Trick | Bug Bounty POC”

    • Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    You may also like