($$$) Broken Authentication and IDOR at [REDACTED]

Rizaldi Wahaz
4 min read · Mar 21, 2022

Hello InfoSec community, I hope you are all doing well. I want to share a finding from a bug bounty program: Broken Authentication and Insecure Direct Object Reference (IDOR) at [REDACTED]. Here we go 🔥

Proof of Concept

The first step is understanding the program. Since *.redacted.com is in scope, we can try to find all subdomains of the target. Tools such as Sudomy, Subfinder and Sublist3r can be used to enumerate subdomains.

After collecting the subdomains, I opened them one by one and found an interesting one that showed a login page. I guessed the login page belonged to an admin panel, so I dug deeper and tried to find something interesting on that subdomain.
