How I got sensitive details of a company via misconfigured endpoints?
Hey guys, The title seems somewhat catchy, but let me tell you the story how I got different sensitive details of a company via " Forced Browsing " on endpoints and how you can try to find the same kind of issues in Bug bounties or penetration testing. So last week I was performing a penetration test for a certain company. Let's say the main application was www.xyz.com . The application was an organization basically and I was provided with all level of access. It had 5 layers of different access controls of which an Account-Admin had the highest privileges whereas a Normal user of the organization had the lowest privileges. Between these two there were 3 other privileged users such as Manager , Team Leader etc. Now when you come across this kind of applications where there is a different kind of privileges, the first thing that comes in my mind is can I somehow READ or EDIT the details of a higher privileged user. XSS also comes in handy in this kind of situati...