Skip to main content
Security Breached Blog

Hacking a Company Through help desk – Ticket Trick | Bug Bounty POC

Muhammad Khizer Javed November 5, 2018



So First of all before i start writing about this issue i want you guys to read the blog about Ticket Trick it was written by Inti De Ceukelaire (Thanks to him for sharing this and help us work on it to secure more companies ). This blog is just about my experience with this issue and how i use this issue and got access to help center of a website.

So i got invited to a site and at first glance the site looked pretty secured but one thing i noticed was a simple issue but this issue can be changed into a big one the issue was that when i did Sign Up on the website i was taken straight to my dashboard instead of sending an email or asking me to confirm email address either it belongs to me or not so i was really curious about what i can do with this


Now the second thing i did was to visit and see if they use SSO (Single Sign On) so that i can login to using the same account that i have at and yes now i know 2 things about my target

  1. The Target does not ask for any verification at Sign Up
  2. The Target Use SSO for support portal



Now I created a new Account this time using the email [email protected]



And Yes I was Logged Inn to the Account Already but now here there was another thing about the site the site had like a separate account you have to apply for from your company email so when i used [email protected] i basically bypassed the approval process and was in almost completely different account from normal user because i had agent tools etc that a normal user account didn’t have .


So now after Getting Access to my new account all i had to do was to visit and Click Login i’ll get redirected to….. and will be logged in to after that i simply went to my activities tab and DOOM! 🤯 🤯 🤯 🤯 🤯 🤯 🤯 🤯


And That’s all a lot of tickets had passwords, even banking details etc

Now Fun Time the program i was testing had multiple domains in scope but all were connected to one account so creating accounts using emails of all other domains and then checking their support portals i got access to many Support tickets i.e



And that’s All for This blog takeaways from this blog is to always try to abuse the working of an application in order to hack it…