Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage


This is another story about my recent finding of a sensitive information leak. The target is a big hotel and resort group which has operations in over 10 countries around the world. As I am not allowed to disclose the details, I will use redacted.com as the target site, and all parameters and directories shown in the passage below are made up.


Cybersecurity, part-time bug bounty hunter. Support me by subscribing: https://mikekitckchan.medium.com/membership. Ping me for online private tutoring.

MikeChan
