Hello everyone, I am Shubham (P3nt3st_guy), a Cyber Security Analyst. This story is from a few months ago, when I started getting into bug hunting; as everyone knows, it's really cool stuff. So I also started digging into some of the targets on Bugcrowd.

I follow a simple methodology: going with reconnaissance first, gathering as many subdomains as possible with different tools like Sublist3r, findmydomain, VirusTotal and many other resources. One subdomain, let's assume its name is tech.assume.com, I tried to head into with a very basic thing: the login stuff.

A simple signup and signin, and at signin, with Burp, I found cookies in the response containing a sessionid, which was quite an interesting thing for me to find.

Here is the simple login request:

GET /login/ HTTP/1.1
Host: tech.assume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

When I checked the above request with Repeater, I got this:

HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Length: 8148
Content-Type: text/html; charset=utf-8
Date: Sat, 06 Jul 2019 05:39:28 GMT
Expires: Sat, 06 Jul 2019 05:39:28 GMT
Server: gunicorn
Set-Cookie: sessionid=sdtu6ullhxaaaaaaaaaaaaaaaaaaaaaa; expires=Sat, 20-Jul-2019 05:39:28 GMT; HttpOnly; Max-Age=1209600; Path=/
Vary: Cookie
Via: 1.1 spaces-router (8385244d922e)
X-Frame-Options: SAMEORIGIN
Connection: close
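
An added example, not from the original post: a Python check that parses the response headers shown above and reports which of the Secure, HttpOnly and SameSite attributes the sessionid cookie is missing, along with its lifetime and path scope. The function names are hypothetical, and the header text is copied from the post.

```python
# Added example; parse_set_cookie and audit_response are hypothetical names.
# Header text copied from the response shown in the post.
RAW_RESPONSE = """\
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Content-Length: 8148
Content-Type: text/html; charset=utf-8
Date: Sat, 06 Jul 2019 05:39:28 GMT
Expires: Sat, 06 Jul 2019 05:39:28 GMT
Server: gunicorn
Set-Cookie: sessionid=sdtu6ullhxaaaaaaaaaaaaaaaaaaaaaa; expires=Sat, 20-Jul-2019 05:39:28 GMT; HttpOnly; Max-Age=1209600; Path=/
Vary: Cookie
Via: 1.1 spaces-router (8385244d922e)
X-Frame-Options: SAMEORIGIN
Connection: close
"""

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, attr_value = part.partition("=")
            attrs[key.strip().lower()] = attr_value.strip()
    return name.strip(), cookie_value, attrs

def audit_response(raw):
    """Return one finding dict for every cookie the response sets."""
    findings = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        key, _, value = line.partition(":")
        if key.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        max_age = attrs.get("max-age", "")
        findings.append({
            "cookie": name,
            "missing": [a for a in ("secure", "httponly", "samesite") if a not in attrs],
            "lifetime_days": int(max_age) / 86400 if max_age.isdigit() else None,
            "scope": attrs.get("path", "(default)"),
        })
    return findings

if __name__ == "__main__":
    print(audit_response(RAW_RESPONSE))
```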

I reported it without any delay with a proper report, and it took a while to be triaged. As the program awards only points, I got some, but I am glad to have submitted my first valid report to Bugcrowd in my early days.

This is a simple story, and it is also my first Medium article. I hope you enjoy it. Thank you!
