[Leak] Can I take the user information, please?!!

Hi again, it's me :P. I found a cool bug on a private program that I want to share with you.

As with every target, I started by opening Burp Suite, visiting every link and sending requests to the site to collect endpoints and paths. When I tried to add a user to my account and typed "test" into the name field, I noticed that the page automatically fired a request to an endpoint that checks whether that username is available. The endpoint has the following form:


Whatever you type into the input field is placed in the `q` parameter, and the browser sends a POST request to the endpoint. The problem is the response: it contains a lot of information about that username, including the email address, phone number, UUID, company information and much more, almost everything about the account except the password. That was nice, but not very useful on its own, because I still had to know a username in order to get its data.

I kept testing and collecting endpoints, and then found a very cool thing: another parameter on the same endpoint, `size`, which limits how many results are returned. If the full result set is 1000 records and I only want to see 10, I set `size=10` and only 10 are shown instead of all 1000.

The cool part is what happens when `q` is left empty and only `size` is set: the endpoint still responds with user information. With `size=100` it returns 100 users' records, each with almost all of the account information described above. It was a cool bug and I liked it a lot :P. So the link I used to pull the information was:


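To make the failure concrete, here is an added example (my own code, not the post's and not the program's real endpoint): a small Python model of the username-availability lookup over a constructed user table, showing the leaky behaviour described above beside a hardened version, plus a helper for sizing the leak from a decoded response. The function names, field names, minimum query length and size cap are all assumptions; the real endpoint is not shown on the page.

```python
# Added example, not the original post's code or the target's real endpoint.
# Models the "is this username available?" lookup over a constructed user
# table. Names, fields and limits below are assumptions.

# Constructed sample records standing in for the real user store.
USERS = [
    {"uuid": "1a2b-0001", "username": "alice", "email": "alice@example.com",
     "phone": "+1-555-0100", "company": "Acme"},
    {"uuid": "1a2b-0002", "username": "alicia", "email": "alicia@example.com",
     "phone": "+1-555-0101", "company": "Acme"},
    {"uuid": "1a2b-0003", "username": "bob", "email": "bob@example.com",
     "phone": "+1-555-0102", "company": "Globex"},
]

SENSITIVE_KEYS = {"uuid", "email", "phone", "company"}
MIN_QUERY_LEN = 3   # assumption
MAX_SIZE = 10       # assumption


def leaky_lookup(params):
    """The behaviour described in the post, as a handler might implement it.

    Three defects: an empty q is a prefix of every username, so it matches
    the whole table; size is honoured with no server-side ceiling; and the
    full stored record is returned although the UI only needs yes/no.
    """
    q = params.get("q", "")
    size = int(params.get("size", 10))
    hits = [u for u in USERS if u["username"].startswith(q)]
    return hits[:size]


def hardened_lookup(params):
    """Availability check that answers only the one bit the UI needs.

    Empty or very short queries are rejected, the match is exact rather
    than a prefix search, and nothing from the stored record is echoed.
    """
    q = params.get("q")
    if not isinstance(q, str) or len(q.strip()) < MIN_QUERY_LEN:
        return {"status": 400, "error": "q is required"}
    q = q.strip().lower()
    taken = any(u["username"].lower() == q for u in USERS)
    return {"status": 200, "username": q, "available": not taken}


def hardened_suggest(params):
    """If a list is genuinely needed (e.g. name suggestions), clamp size on
    the server and project only non-sensitive fields."""
    q = params.get("q")
    if not isinstance(q, str) or len(q.strip()) < MIN_QUERY_LEN:
        return []
    q = q.strip().lower()
    try:
        size = int(params.get("size", MAX_SIZE))
    except (TypeError, ValueError):
        size = MAX_SIZE
    size = max(1, min(size, MAX_SIZE))
    hits = [u for u in USERS if u["username"].lower().startswith(q)]
    return [{"username": u["username"]} for u in hits[:size]]


def leaked_sensitive_keys(records):
    """Which sensitive keys a decoded JSON list contains: a quick way to
    size the leak when reviewing a response body in Burp."""
    found = set()
    for record in records:
        found |= SENSITIVE_KEYS & set(record)
    return found


if __name__ == "__main__":
    dump = leaky_lookup({"q": "", "size": 100})
    print(len(dump), "records, leaking", sorted(leaked_sensitive_keys(dump)))
    print(hardened_lookup({"q": ""}))
    print(hardened_lookup({"q": "alice"}))
    print(hardened_suggest({"q": "ali", "size": 100}))
```

The point of the hardened version is that an availability check has no business returning a record at all; where a list is unavoidable, the size cap and the field projection have to live on the server, because anything the client controls (an empty `q`, a huge `size`) is exactly what gets tampered with in Burp.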
In the end, I hope this was useful for you. Thanks for reading, and goodbye.


  1. Hi. My name is Mehdi. I read your write-up on CTF write-up.
    It is very good. You are a professional. Well done. Can you help me?
    My job is penetration tester, but I am not a professional. I have knowledge of information security, web security and mobile security. I want to become a professional in bug bounty. Please help me.

    1. You can talk with me here: https://www.facebook.com/flex0geek

