[Leak] Can I take the user information, please?!!


Hi again, it's me :P. I found a cool bug on a private program that I want to share with you.

Like every time I start testing a target, I opened Burp Suite, visited every link and sent requests to the website to collect endpoints and paths. When I tried to add a user to my account, I typed "test" in the name field and noticed that the page sends an automatic request to an endpoint to check whether that username is available. The endpoint has this form:

https://target.com/api/user/endpoint_name?q=

The value you type in the input field is added to the q parameter and the page sends a POST request to the endpoint. The problem is the response: it returns a lot of information about that username, like the email, phone number, UUID, company information and much more, almost all of the account's data except the password. That was cool for me, but not very cool, because I still needed to know a username to get its information.

I continued testing and collecting endpoints, and then I found a very coooooooooool thing: another parameter on the same endpoint, size, which sets how many results you get back. What does that mean? If the output has 1000 entries and I only want to see 10, I use size=10 and it shows just 10, not all 1000. So what is the cool thing here? When I leave the q parameter empty and give the endpoint a size, it responds with users' information too. With size=100 the endpoint responds with the information of 100 users, again almost all of the account data, as I said before. It was a cool bug and I liked it so much :P. So the link I used to get the information was:

https://target.com/api/user/endpoint_name?q=&size=100
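As an added example (my own illustration, not code from the original post or from the target), here is a small Python model of the endpoint described above: a vulnerable handler that treats q as a prefix filter and returns whole user records, next to a hardened one that answers the only question an availability check needs to answer. The user records, field names and the function names are all constructed; the only things taken from the post are the q and size parameters and the kind of data that leaked.

```python
from __future__ import annotations

from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class User:
    uuid: str
    username: str
    email: str
    phone: str
    company: str
    password_hash: str


# Constructed sample records standing in for the target's user table;
# none of these values come from the post.
USERS = [
    User("0b1c7e6e-0001", "alice", "alice@example.com", "+1-555-0100", "Acme Ltd", "<hash>"),
    User("0b1c7e6e-0002", "alicia", "alicia@example.com", "+1-555-0101", "Acme Ltd", "<hash>"),
    User("0b1c7e6e-0003", "bob", "bob@example.com", "+1-555-0102", "Globex", "<hash>"),
    User("0b1c7e6e-0004", "carol", "carol@example.com", "+1-555-0103", "Initech", "<hash>"),
]

DEFAULT_SIZE = 1000  # assumed server default when size is omitted


def vulnerable_check(params: dict[str, str]) -> list[dict[str, str]]:
    """Models the leaky endpoint: q is a prefix filter, size caps the result
    count, and whole records (everything but the password) are returned.
    An empty q matches every user, which is exactly the bug in the post."""
    q = params.get("q", "")
    size = int(params.get("size", DEFAULT_SIZE))
    matches = [u for u in USERS if u.username.startswith(q)]
    return [
        {k: v for k, v in asdict(u).items() if k != "password_hash"}
        for u in matches[:size]
    ]


def hardened_check(params: dict[str, str]) -> dict[str, object]:
    """An availability check only needs a yes/no for one exact name:
    reject empty input, ignore size, and never serialise the user record."""
    q = params.get("q", "").strip()
    if not q:
        return {"error": "q is required"}
    taken = any(u.username.casefold() == q.casefold() for u in USERS)
    return {"username": q, "available": not taken}


def harvest(handler, size: int = 100) -> list[dict[str, str]]:
    """What the attacker does: send an empty q with a size and keep whatever
    comes back. Against the hardened handler this yields nothing."""
    result = handler({"q": "", "size": str(size)})
    return result if isinstance(result, list) else []


if __name__ == "__main__":
    leaked = harvest(vulnerable_check)
    print(f"vulnerable: {len(leaked)} records, e.g. {leaked[0]}")
    print(f"hardened:   {harvest(hardened_check)}")
    print(f"hardened q=alice: {hardened_check({'q': 'alice'})}")
```

Two things worth noticing in the hardened version: it ignores size entirely, because a yes/no answer has no page size, and it compares the whole username rather than a prefix, so the empty string and short prefixes cannot match a set of users. Even so, an availability check still tells a caller which usernames exist; that is usually accepted for signup flows, but the endpoint should be rate-limited and should require a session, since the same leak would otherwise remain as a username enumeration oracle.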


In the end, I hope this is useful for you, and thanks for reading my post. Goodbye.

Comments

  1. Hi, my name is Mehdi. I read the write-up in CTF write-up.
    It is very good. You are professional, well done. Could you help me?
    My job is penetration tester, but I am not professional. I have knowledge in information security, web security and mobile security. I want to become professional in bug bounty. Please help me.

    Replies
    1. You can talk with me here: https://www.facebook.com/flex0geek


