Admin Panel Accessed Via SQL Injection…

medium.com · kh4sh3i/bug-bounty-writeups · 22 hours ago · bug-bounty
AI Summary

A bug bounty hunter discovered admin panel access through SQL injection by enumerating historical URLs with waybackurls/gau, filtering for SQL injection patterns with gf, testing with a private tool, extracting admin credentials from the database, and finding the login panel URL in website source code.

Entities
waybackurls gau gf httpx Ratnadip Gajbhiye
Admin Panel Accessed Via SQL Injection… (Ezy Boooom…😅)

Ratnadip Gajbhiye · ~3 min read · February 27, 2021 (Updated: January 1, 2022)

Hello All,

I'm back again with a new write-up... Again this article is about Admin Panel Access… (This is my 4th write-up on Admin Access, more on the way…) 🤩

Consider the company name as "target.com".😅

I'm a very lazy person…😂 I don't do anything manually… So I used some GitHub tools that you guys already know, and my private tools too…🤔

Tools I used to find vulnerable URLs: waybackurls, gau, gf & gf patterns…🤗

I ran waybackurls & gau on "target.com" and grabbed all the URLs… (Total URLs found: 10k+)😐

After that I used GF-Patterns for finding possibly vulnerable URLs (like XSS, LFI, SSRF & SQLi..)🧐

Using GF-Patterns I found 1k+ possibly SQL-vulnerable URLs, but many of them were dead URLs.😒

Httpx is another great tool by Project Discovery… I used httpx for filtering live URLs…😋 After that I filtered all the live possible SQL URLs using httpx… (Total URLs: 379)🙄

It's impossible to check all 379 URLs manually for SQL injection… I used my private tool for identifying & exploiting all the URLs...😎

I ran the private tool on the possible SQL URLs. A few minutes later the tool identified a SQL injection vulnerability and also started auto-exploiting the target…😇

So it was enough to report, but I dug more into the DB and found admin credentials..🥰

Now I had the credentials but didn't know where to use them, because I used my other tool "Admin finder" but there was no panel on the targeted website.
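The triage described above (archived URLs → parameter-pattern filter → dedupe → live check) is just as useful for an application owner auditing their own domain: it surfaces legacy parameterized endpoints that are still reachable and need a parameterized-query review. The following is an added example, not the author's tooling or the gf/httpx projects' code. It reproduces the filtering and deduplication stages offline on a constructed URL list; the parameter-name list is an assumed subset in the spirit of gf's sqli pattern, the hostnames are made up, and the network-dependent httpx stage is deliberately left out.

```shell
#!/bin/sh
# Added example (not from the write-up): self-contained reproduction of the
# triage stages the post describes, run over a constructed sample that stands
# in for waybackurls/gau output. Hostnames and paths are invented.

SAMPLE_URLS='https://target.example/product.php?id=12
https://target.example/product.php?id=13
https://target.example/product.php?id=14&ref=home
https://target.example/about.html
https://target.example/search?q=shoes
https://target.example/report.php?report=monthly&year=2019
https://target.example/assets/app.js
https://shop.target.example/item.aspx?item=9001
https://shop.target.example/item.aspx?item=9002
https://target.example/news?page=2'

# Parameter names commonly tied to database lookups. Assumed subset in the
# spirit of gf's sqli pattern, not a copy of it.
SQLI_PARAM_REGEX='[?&](id|item|page|cat|category|user|uid|report|order|sort|query|q)='

# Stage 1: keep only URLs that carry a parameter named like a DB lookup key.
sqli_candidates() {
  grep -E -i "$SQLI_PARAM_REGEX"
}

# Stage 2: blank out parameter values so URLs differing only in values collapse
# to one "shape" (?id=12 and ?id=13 both become ?id=), then dedupe. This is the
# same idea dedup tools such as uro apply before a live check.
dedupe_by_shape() {
  sed -E 's/=[^&]*/=/g' | sort -u
}

# Stage 3 (httpx in the post) needs network access and is omitted here; pipe
# the output of this script into httpx to filter for live endpoints.

# Number of distinct candidate shapes left to review after stages 1 and 2.
candidate_count() {
  printf '%s\n' "$SAMPLE_URLS" | sqli_candidates | dedupe_by_shape | wc -l | tr -d ' '
}

# Stand-alone run: print the reduced candidate list.
printf '%s\n' "$SAMPLE_URLS" | sqli_candidates | dedupe_by_shape
```

On the ten sample lines, stage 1 drops the static pages and stage 2 folds the product and item URLs that differ only in their values, leaving six shapes to check instead of ten URLs. The same two stages are what turn a 10k+ archive dump into a list small enough to hand to a live-check tool, and they are also what a defender would run to find old parameterized endpoints that were never retired.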
I tried all the possible things but no success… 😴

Then I checked the source code of the website > Ctrl+F then "https://" and I found many links, but this "https://ws1.webservices.nl/" URL grabbed my attention.😚

I opened this URL in a new tab and surprisingly found a login panel…🤭 I logged in to this panel using those credentials…🥺 And successfully gained access to the admin panel…🤪

I immediately reported this issue to the security team, and in response the words of the security team made my day…😊

Reported > Fixed after 25 days > $$$…🤩

Always dig more and never ever lose hope…🙂

I hope you enjoyed this article and I apologize for my weak English if there are any mistakes in this post.😅 Thanks for reading my article, 😁 Stay home... Stay safe..😏 Have a great day...🙂

#bug-bounty #bug-bounty-tips #hacker #penetration-testing #sql-injection