<h1>How I got a trip to Amsterdam through bug bounty</h1>

<p>Ninad Mathpati, Security Consultant. Published 2019-04-07, updated 2020-09-13. Category: Bug Bounty. Source: https://ninadmathpati.com/hi/2019/04/07/how-i-got-a-trip-to-amsterdam-through-bug-bounty/</p>

<p>Hello guys, welcome to my blog. This is my first post, and I will be writing more on the critical vulnerabilities I have found; I hope you find it interesting. So, without wasting time, let's move forward. Here I would like to share how I got a trip to Amsterdam, all expenses paid, for 5 days.</p>

<p>At this point most of you would have guessed that the vulnerability was a server-side issue, but it was actually a simple vulnerability leading to full account takeover. The vulnerability was in the login portal; I guess some of you are familiar with it. First, let me tell you about this class of vulnerability, which I like very much because it pays well enough and I have found it many times in different ways: full account takeover. An account takeover can be achieved through any method; we just need to take over the account in some possible way. Here the account takeover was done by brute force on the login portal. Now, what is it and how do you find it? For those who don't know what a brute-force attack is:</p>

<blockquote><p><em>Brute force is a way of trying to bypass a login form, or any other form that needs a password to open a file or a system. In simple words, it is just the process of guessing the password.</em></p></blockquote>

<p>What I did was create an account and check its requests and responses by intercepting them with Burp Suite. After some time spent checking for minor vulnerabilities, I went to the forgot-password page. The real problem was here: when I requested a new password for my account, the server by default set a new password on the account and sent it to me by mail. When I received the mail I saw that the password was in a format such as "Ab3CdF".</p>

<figure><img src="https://ninadmathpati.com/wp-content/uploads/2020/09/Capture-1024x369-1.jpg" alt=""></figure>

<p>It was a 6-character password. To reconfirm the format I requested a new password 100 times, and from this I also learned that no rate limiting was implemented on the login page or on the forgot-password page. Now we have the format of the password and nobody is going to stop us from using it to brute-force the account. It is only a 6-character password, but that still gives a huge number of candidates, roughly 56,800,235,584 (that is 62^6: an uppercase letter, a lowercase letter or a digit in each of the 6 positions). That is a lot of passwords to check for one account, but since we know the format we can write a Python script to generate them, or use one of the many other tools that will do the work for you. Once the passwords are generated we can use the Burp Suite Intruder (something like this)</p>

<figure><img src="https://ninadmathpati.com/wp-content/uploads/2020/09/Screenshot-251_LI.jpg" alt=""></figure>

<p>to carry out the brute-force attack. This leads to full account takeover.</p>

<p>That was all about this vulnerability. There are many other ways to achieve full account takeover, and I guess this is the easiest one to understand. I will be writing posts, one by one, on the various ways to take over an account and on my other bug bounty experiences. So that's it for today; thank you for reading. See you soon with more exciting things in bug bounty and penetration testing.</p>