Exposing all registered users' email addresses of a private program


Hi, this is Mubassir Kamdar. How are you all doing? I hope you are doing great work and making good money. Today I will discuss my finding from last month, in which I was able to expose the email addresses of millions of users of a private program.

Let's talk about what the private program does:

"This website is basically for the management of some kind of payments :)"

So, using Google dorks, I tried to find some payment gateway websites, and luckily I found one. I messaged the website's support and asked whether they had a bounty program, and my next piece of luck was that they had a private bug bounty program. I started my hunt by doing recon.

For recon I use Reconcobra.

"Reconcobra is footprinting software for ultimate information gathering"

Reconcobra is coded by Mr. Haroon Awan in collaboration with Mubassir Kamdar.

So I started my recon using Reconcobra and tried to find all the subdomains. After collecting them, I tried to find out whether any subdomain could be taken over, but this time my luck was not working and I was disappointed. After that I went for a bike ride; an hour later I came home, checked the subdomain list again, and found api.web.com.

So I started testing api.web.com: I created an account on web.com and tested all the API endpoints, but I found nothing interesting other than an XSS in the invite-friend option. That motivated me to keep testing for more bugs, so I came back to the invite-friend option. This time, when I entered my friend's name as "Mub", it showed every account whose name starts with "Mub". I saw that the site gave me 3 accounts, so I intercepted the traffic with a proxy tool and checked the request; in the response I found that it exposed the email addresses of all the returned users.

Vulnerable parameter: web.com/api/v0.2/user_search/?term=aaa
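To show the root cause of a bug like this one, here is an added example (not the program's own code, and not from the author): a user-search handler that does a name-prefix match and serialises the whole user record, beside a hardened version that only returns an allow-listed set of fields, requires a minimum term length so an empty term cannot enumerate everyone, and caps the result count. The user records and names are constructed sample data.

```python
from dataclasses import dataclass, asdict


@dataclass
class User:
    id: int
    name: str
    email: str
    phone: str


# Constructed sample data standing in for the application's user table.
USERS = [
    User(1, "Mubassir", "mubassir@example.com", "+1-555-0100"),
    User(2, "Mubeen", "mubeen@example.com", "+1-555-0101"),
    User(3, "Mubarak", "mubarak@example.com", "+1-555-0102"),
    User(4, "Alice", "alice@example.com", "+1-555-0103"),
]


def user_search_vulnerable(term, users=USERS):
    """Mirrors the bug: prefix match on the name, then the full record
    (email, phone, ...) is serialised into the JSON response.
    An empty term matches every user, so the whole table leaks."""
    return [asdict(u) for u in users if u.name.lower().startswith(term.lower())]


# Hardened handler: explicit allow-list of response fields plus limits.
PUBLIC_FIELDS = ("id", "name")   # never email, phone or other PII
MIN_TERM_LEN = 3                 # refuse very short / empty prefixes
MAX_RESULTS = 10                 # cap what one request can pull


def user_search_hardened(term, users=USERS):
    """Same lookup, but the response is built from an allow-list of fields,
    short terms are rejected, and the result set is capped."""
    if len(term) < MIN_TERM_LEN:
        return []
    matches = [u for u in users if u.name.lower().startswith(term.lower())]
    return [{k: getattr(u, k) for k in PUBLIC_FIELDS} for u in matches[:MAX_RESULTS]]
```

The hardened version still serves the invite-friend autocomplete (names for a 3-character prefix) without returning anything the client does not need.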


Reply: Nice catch

Bounty: Four digit dollars $$$$

