Hi There,
Renganathan here.
This Write-up is about how I made the United Nations hall of fame in 3 minutes.
And this is my first write-up / Blog on Medium.
Ps- I don’t know to use Medium.
I saw there was a vulnerability reporting program on United Nations (UN) so I decided to give it a try.
So just like any other hacker, I enumerated the subdomains of un.org but using virustotal.com
Yes, Sorry :(
I was not at home, I was in a restaurant. So I used my phone to enumerate subdomains with virustotal.com
I was giving a glance through the subdomains and one of them was git.unite.un.org. I clicked on that.
The plot twist was there was no authentication.
Then I was able to access so many source codes, drupal configurations, their projects (not opensource), and even credentials. I reported them immediately to [email protected]
TimeLine:
Dec 4, 2020- Reported
Dec 5, 2020- Case Number Assigned (Auto-generated email)
No update *crying_noise.mp3*
Jan 13, 2021- The bug was resolved and an authentication page was added. I was asked how my name has to appear on the page If I would like to get credit.
Jan 19, 2021- Name was updated in the hall of fame
Edit: I had a poor internet connection, So it took me 3 minutes. For you it will be 30 Seconds :P
Thanks for reading :)
Stay Safe!