Fuzzing made Hacking : Critical Information Disclose
Intro : Hello Hackers! Welcome to my new Hacking Article on Bug Bounty. Last Week I started exploring OpenBugBounty Platform and there I Find some Interesting Bugs from them I found this is quite Rare to find but so easy with Fuzzing. So let’s start.
I started searching a Domain on that Platfrom → xyz.com(assume). So as usual I started Basic Recon on that Website. First I start Fuzzing Interesting Directories with dirsearch Tool.
When I start I found a Awesome Directory .env and it is Accessible Directly. Much Interesting.
Then I directly Hop over that Directory. It is like this.
Here I got API Keys, Database Password and many more things.
So that’s it. Then I submit this Vulnerability and waiting for Response.
THANKS FOR READING!
If you like it don’t Forget to follow me for More Articles.
Happy Hacking~
