Hello friends, in this article I will share my experience in finding a sensitive data exposure vulnerability in the NASA VDP Bugcrowd platform and getting my first hall of fame.

What is Sensitive Data Exposure? Sensitive data exposure is a security vulnerability where confidential or private information is accessed, disclosed, or stolen by unauthorized parties because it wasn't properly protected.

Google Dorking Technique : Google dorking (also called Google hacking) is a reconnaissance technique where you use advanced Google search operators to find sensitive, misconfigured, or unintended information exposed on the internet.

Proof Of Concept :

1. I used the following Google dorking payloads to search for sensitive data exposure vulnerabilities.

site:.nasa.gov drive.google.com/drive/u/0/folders/
site:.nasa.gov docs.google.com/spreadsheets/d/
site:*.nasa.gov docs.google.com/document/d/

2. I tried to find sensitive information from the payloads I was using.


3. Here I got a PDF file that contains directions to Google Drive for meetings and internal meeting reports.


After I reported this vulnerability, I got a hall of fame at NASA and I'm very happy because this is my first hall of fame at VDP.

Hall Of Fame NASA VDP — Bugcrowd

Lessons Learned : In conclusion, Google dorking shows how powerful search engines can be at revealing sensitive files when websites are misconfigured. While it can help security professionals identify and fix weaknesses, it also highlights the risks of poor access controls and careless data exposure. This makes it essential for organizations to properly secure their files and regularly audit what information is publicly accessible.
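One way to run the audit described above on your own published content, as an added example that is not part of the original write-up: it inventories every Google Drive folder, Sheets and Docs link (the three URL shapes from the search queries above) found in text extracted from your public pages and PDFs, so each link can be reviewed with its owner. The `example.org` URLs, the resource IDs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# URL shapes from the three search queries in this write-up; the optional
# /u/<n>/ segment is the signed-in account index seen in the folder query.
LINK_RE = re.compile(
    r"https?://(?:drive\.google\.com/drive/(?:u/\d+/)?(folders)"
    r"|docs\.google\.com/(spreadsheets|document)/d)/([A-Za-z0-9_-]{10,})"
)

# Constructed sample: text already extracted from an organisation's own
# public pages and PDFs (example.org and the IDs are made up).
SAMPLE = {
    "https://www.example.org/meetings/agenda.pdf":
        "Notes: https://drive.google.com/drive/u/0/folders/1AbCdEfGhIjKlMnOpQrStUv?usp=sharing.",
    "https://www.example.org/team/index.html":
        '<a href="https://drive.google.com/drive/folders/1AbCdEfGhIjKlMnOpQrStUv">folder</a> '
        "and https://docs.google.com/spreadsheets/d/1ZyXwVuTsRqPoNmLkJiHgFe/edit#gid=0",
    "https://www.example.org/about.html": "No shared links here.",
}


def inventory(published):
    """Map (kind, resource id) to the sorted public sources that link to it.

    `published` maps a public URL or file path to its extracted text.
    Variants of one link (/u/0/, ?usp=sharing, /edit) collapse to one entry.
    """
    found = defaultdict(set)
    for source, text in published.items():
        for m in LINK_RE.finditer(text):
            kind = m.group(1) or m.group(2)
            found[(kind, m.group(3))].add(source)
    return {key: sorted(srcs) for key, srcs in found.items()}


def canonical_url(kind, rid):
    """Rebuild one stable URL per resource for the review list."""
    if kind == "folders":
        return f"https://drive.google.com/drive/folders/{rid}"
    return f"https://docs.google.com/{kind}/d/{rid}"


if __name__ == "__main__":
    for (kind, rid), sources in sorted(inventory(SAMPLE).items()):
        print(canonical_url(kind, rid))
        for src in sources:
            print("   linked from", src)
```

The text alone does not show a link's sharing setting, so each entry in the output is something to check with the file owner and, where needed, restrict or remove from the public page.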
