Then I thought of trying API calls directly on this abc.api.target.com instead of api.target.com with the session cookie. I was getting a missing header error, so I ran param miner on that endpoint and param miner found these X-User-Id<\/strong><\/em> and X-User-Email<\/em><\/strong> request headers. Then on trying up the user ID and user email in these headers, it returned the details of that user in the response.<\/p>\n\n\n\n
Well this one of the interesting issue which I found in 2023.<\/p>\n\n\n\n I hope it was a good read for you. Hello everyone, It’s been a while since I have written a blog post but since it’s end of year and this has been amazing year and I learned a lot from the cyber security community. I am grateful for the…<\/p>\n","protected":false},"author":1,"featured_media":328,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[59],"tags":[76,74,63,13,62,73,12,75],"class_list":["post-325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-writeups","tag-76","tag-authentication-issue","tag-bug-bounty","tag-ganofins","tag-ganofins-writeups","tag-improper-authentication","tag-tutorials-with-ganofins","tag-user-authentication-issue"],"yoast_head":"\n![\"user](\"https:\/\/ganofins.com\/blog\/wp-content\/uploads\/2023\/12\/s.png\")
But the bad thing was the attacker would require a victim’s UUID in order to exploit this issue. And I couldn’t find any such API endpoint which was leaking the UUIDs of the victims else this would have been Critical<\/em><\/strong> severity issue. But still this was rated as High<\/strong><\/em> severity and was resolved resulted in $1000 bounty.<\/p>\n\n\n\n
Thank you all for reading!
Happy New Year!<\/p>\n","protected":false},"excerpt":{"rendered":"