Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage

Photo by Roman Kraft on Unsplash

This is another story of my recent finding of sensitive information leakage. The target is a big hotel and resort group that operates in over 10 countries around the world. As I am not allowed to disclose the details, I will use redacted.com as the target site, and all parameters and directories shown in the passage below are made up.


Cybersecurity, part-time bug bounty hunter. Support me by subscribing: https://mikekitckchan.medium.com/membership. Ping me for online private tutoring.

MikeChan
