My Bug Bounty Adventure -1- (Fuzzing + Information Disclosure)
Greetings from Constantinople to all,
In this article, I would like to inform you about a few findings that I encountered during the private bug bounty process.
Throughout the article, the application name will be specified as private.com.
1. As a result of the necessary research, I decided to investigate security vulnerabilities in one of the international banks. I contacted the head office of the bank and got the necessary approvals.
2. As you can imagine, the scope was huge, so it was incredibly difficult to determine the attack surface. In large-scope tests, I prefer to narrow my starting point as much as possible to narrow the scope first, so instead of going directly to search for medium and high vulnerabilities, I only act on true/false logic.
3. Therefore, I first started various fuzzing methods to achieve information disclosure detection by targeting the main domain address of the target. On the one hand, I did directory fuzzing; on the other hand, I examined the pages with view-source and got curious whether there were any useful comment lines, files, etc.
4. There was nothing in the main domain. I had to change the destination at this stage, but I had to act logically because there were too many addresses. The bank I tested had headquarters in many countries and websites connected to the centers. I switched from “private.com” to “private.fr”.