Aug 9, 2018

My Disclosed Report about Basic auth Api details at Reverb.com

Advertisement











Program   : Reverb.com
Bug Type : Information Disclose
Bounty     : 100$
Disclosed report : https://hackerone.com/reports/367581 

Description 

The Bug was about an Api Key ( Username + Password )  was found in Open Source for Reverb in a Disclosed Report ( 351555 ) belong to Reverb Company and Hosted in cloudinary.com 


I give a try if the key was work So I reported it again 

Poc was

 1) goto 


2) It will ask to enter a Username and Password
Enter
username:pass
434762629765715:PQlkrSHPqqjhIBc0MmUkdjcqpps 


Learn more about cloudinary.com
Only need to goto Docs
example 

Poc Pic





Share This
Previous Post
Next Post

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student

0 comments: