How I made the United Nations Hall of Fame in 3 minutes
2021-06-20 03:43:18 Author: infosecwriteups.com

Renganathan

Hi There,

Renganathan here.

This write-up is about how I made the United Nations hall of fame in 3 minutes.

And this is my first write-up / blog on Medium.

PS: I don’t know how to use Medium.

I saw there was a vulnerability reporting program at the United Nations (UN), so I decided to give it a try.

So, just like any other hacker, I enumerated the subdomains of un.org, but using virustotal.com.

Yes, sorry :(

I was not at home; I was in a restaurant. So I used my phone to enumerate subdomains with virustotal.com.

I was glancing through the subdomains and one of them was git.unite.un.org. I clicked on that.

The plot twist was there was no authentication.

Then I was able to access a lot of source code, Drupal configurations, their projects (not open source), and even credentials. I reported them immediately to [email protected]

Timeline:

Dec 4, 2020 - Reported
Dec 5, 2020 - Case Number Assigned (Auto-generated email)

No update *crying_noise.mp3*

Jan 13, 2021 - The bug was resolved and an authentication page was added. I was asked how my name should appear on the page if I would like to get credit.

Jan 19, 2021 - Name was updated in the hall of fame.

Edit: I had a poor internet connection, so it took me 3 minutes. For you it will be 30 seconds :P

Thanks for reading :)
Stay Safe!


Article source: https://infosecwriteups.com/how-i-made-united-nations-hall-of-fame-in-3-minutes-b5c87a42c0ee?source=rss----7b722bfd1b8d--bug_bounty