Introduction
One day, while browsing LinkedIn, I saw a post from a cybersecurity researcher sharing an appreciation letter they got from NASA. The curious kid in me waked up, so I decided to check out NASA's Vulnerability Disclosure Program to see what kind of security testing they allowed.
To be honest i was not expecting what is going to be happened next !!
Whoami?
Before diving into the hack, a quick intro. My name is Harsh Kothari aka cyberhrsh, and I'm a security researcher, bug hunter, and all-around tech enthusiast. I spend my time uncovering security flaws, automating workflows.
Recon: Finding the Perfect Target
I followed the recon process (will share soon) which included finding the subdomains, filtering the interesting subdomains, finding vulnerable URLs etc. When this was running I decided not to waste time and check manually to find something jhakass 😂
So, I turned to Google dorks, but I quickly realized my dorks weren't unique and what I was finding had probably already been reported. That's when I started to find some unique dorks and I stumbled upon a writeup titled
Advanced Google Dorking
There were plenty of write-ups on the topic too! If you get a chance, check out AbhirupKonwar articles — they're fantastic and I'm sure you'll love them!
After using some Google dorks, I stumbled upon an XLS file that was leaking PII details of registrants from some meetup or event. The file was located at
without wasting a single second I reported it on Bugcrowd. Ahh you think now i'll get the LOR ? Nah, how can my luck be this good? Turns out, I got a duplicate submission.
I was a little disappointed at first, but I didn't let that stop me. I kept testing, and after a few days, I received an email saying the vulnerability had been resolved. Curious, I went back to check the XLS file link, and sure enough, the data had been removed. Instead, I saw this message:
File Removed Removed; this exists to flush caches
However, I wasn't convinced that it was truly gone. I waited a bit, thinking the removal might just be part of the cache-clearing process. But then I decided to dig deeper.
Then, I went to the homepage and found that the same data was still available there. I cross-checked the details I had reported initially, and to my surprise, the data was identical — it was the same, legit information !!
So I submitted a response request from Bugcrowd stating Issue is reproducible and then in few days i got this reply from Bugcrowd !!
Based on previous steps to replicate vulnerability, system owner has been remediated. Thank you please accept this letter as a token of our appreciation for your efforts in detecting this vulnerability.
Lessons Learned
- Don't assume that a fix means a complete resolution — Just because something appears to be fixed doesn't always mean it is. Always double-check and re-test after a fix has been applied.
- Persistence pays off — Sometimes, you'll face setbacks, like duplicate submissions or early rejections, but persistence is key. Keep pushing forward, and you might discover something even more valuable.
- Leverage resources and community knowledge — When you feel stuck, refer to write-ups, blogs, and guides. You might discover new methods, like unique Google dorks, that lead you to a vulnerability.
- The importance of reporting — Don't hesitate to report vulnerabilities as soon as you find them. Even if your submission doesn't initially result in an immediate fix, it could lead to something much bigger down the line.
COMMUNICATION LOGS:
- Reported through Bugcrowd on 04 Dec 2024 10:07 AM
- Bugcrowd placed a blocker on NASA on 04 Dec 2024 12:08 AM
- Got duplicate on 16 Dec 2024 9:00 PM
- Resolved on 26 Dec 2024 10:03 PM
- Submit response request on 29 Dec 2024 12:17 PM
- Got LOR on 31 Dec 2024 02:37 AM
Feel Free to connect with me on linkedin:
https://www.linkedin.com/in/harshh-kothari
If you find this article helpful, do clap, leave a comment and follow to encourage me to write more. ♥️