Hello guys, I am Faique, a security researcher and a bug bounty hunter, and I welcome you to my write-up on a story of a hack that I did a couple of months ago. At first, I thought of not sharing it because it was an easy finding and I also got no bounty from them, but then I thought of sharing it, as the infosec community has taught me so much that it’s now my responsibility to give back to the community. So make sure to follow me and enjoy the write-up.
I started hunting on the target because my brother jokingly told me to hack it because he wanted to pass the exam. I cannot disclose the target’s name, so I will call it redacted.com.
I did basic recon like gathering subdomains, but I didn’t find anything. So I thought of focusing on the main domains instead of subdomains.
redacted.com had functionality to sign in so that students could sign in and give their exams.
I didn’t have any credentials that I could use to test for bugs. So while browsing on the target I saw the login URL, https://redacted.com/login.
I changed the end of the URL from login to register (https://redacted.com/register) and sent the request, and guess what happened: I was redirected to the admin register page.
I then registered myself as an admin and then logged in. I saw sensitive data like student login information, including emails, phone numbers and webcam images. I didn’t expect webcam images; the images of students were being clicked every 5 mins.
Not only that, I was also able to see the correct answer to the question and was also able to edit it.
It was an easy finding but the impact was critical. I reported it to them and they did fix it.
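
The flaw described above is an admin registration page with no server-side check on who may use it. As an added example (not from the original write-up; the site's real stack is unknown, and the function names, the invite-token scheme and the sample e-mail address are all assumptions constructed for illustration), the open handler sits beside a version that only creates an admin for a caller holding a signed, single-use invite minted by an existing admin:

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key; a real deployment would load it from a secret store.
INVITE_KEY = secrets.token_bytes(32)
USED_NONCES = set()  # invites already redeemed (each invite is single-use)


def _sign(msg):
    return hmac.new(INVITE_KEY, msg.encode(), hashlib.sha256).hexdigest()


def issue_admin_invite(issuer_role, ttl=900):
    """Mint a short-lived invite; only an existing admin may do so."""
    if issuer_role != "admin":
        raise PermissionError("only admins may invite admins")
    msg = f"{secrets.token_hex(8)}.{int(time.time()) + ttl}"
    return f"{msg}.{_sign(msg)}"


def invite_is_valid(token):
    """Check signature, expiry and single use of an invite token."""
    try:
        nonce, expires, sig = token.split(".")
        expires = int(expires)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    expected = _sign(f"{nonce}.{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # forged or tampered
    if expires < time.time() or nonce in USED_NONCES:
        return False  # expired or replayed
    USED_NONCES.add(nonce)
    return True


def register_admin_open(form):
    # Behaviour described in the write-up: reaching the URL is enough.
    return 201, {"email": form["email"], "role": "admin"}


def register_admin(form, invite=None):
    # Hardened: the server refuses unless the caller holds a valid invite.
    if not invite_is_valid(invite):
        return 403, {"error": "admin registration requires a valid invite"}
    return 201, {"email": form["email"], "role": "admin"}
```

The point of the hardened handler is that the decision is made on the server from something the caller cannot forge; hiding or renaming the URL would not change the outcome.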