Whoami
Hey Hackers!! I'm Athul, a security researcher & bug bounty hunter who loves to explore the world of cybersecurity, find the loopholes in the digital world and protect them. This is my first writeup, so kindly ignore the mistakes.
Let's begin.
RECON
So first of all, I can't disclose my target's name, so let's call it www.target.com. I found this domain using a powerful searching technique called Dorking, or you can call it Google hacking:
intitle:admin site:*.com inurl:login intext:bank
When I opened the web app, it showed me a normal admin login page, nothing fancy there. Then I started playing with the login page like any other hacker would do: try the default username & password as admin, and Boom!!
I was in, and I was able to see all the customers' critical (PII) info like name, account number, transaction details and phone numbers. About 400+ users' details were present there.

It was a Security Misconfiguration vulnerability, listed in the OWASP Top 10.
That's all for now. Hope you guys liked it & found it informative. Please leave your comments.
Feel free to Connect: