This is a story about how I used Google dorking to find sensitive information exposed in a private VDP program. It is a rather short story, but I think it is quite interesting, so why not share it?
So, it was just another day of hunting. I was hunting on a private VDP program; let's call it redacted.com. I had just started hunting on it, so I thought, why not try to find something juicy through Google? I put a few random Google dorks into the search box, and nothing seemed interesting until the one below:
site:redacted.com inurl:admin "@gmail.com"
I found a page that exposed all of my target's users' email addresses. Then I noticed an edit button next to each address, so I clicked on it, and the screen below popped up:
And boom! It disclosed all of the users' information, including their passwords, which were stored in PLAIN TEXT!! I could even edit or delete these records. This endpoint exposed over 38k user records.
So, I quickly reported this issue to the program. The issue was later fixed, but as this is a VDP program, the bounty for this bug was zero. Nevertheless, I earned 100% appreciation from the company.
Hope you enjoyed this writeup, and see you next time.