Bug Bounty Writeups
How I Grabbed All Users Webhooks and Gained Unrestricted Access
Introduction
Hello bug bounty hunters and hackers. In today's writeup I will demonstrate how I was able to pull out multiple webhooks and send malicious messages to the users of the company.
Walkthrough
When I started hacking on the program, I was a bit desperate and not trusting myself yet, since it has the top 10 hackers on the leaderboard years ago, but I started my recon.
Subdomain enumeration showed that the target has webhook endpoints. I used waybackurls:
waybackurls target.com
I got a few results like:
webhook.target.com/api/hash/token
I was like, no way this is valid.
So I went to read the docs on how to use the webhooks, and it turns out that it's just a simple curl request x)
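A defender-side version of the same discovery, as an added example that is not part of the original writeup: it scans a list of archived URLs collected for your own domain and flags path or query values that look like embedded webhook secrets, so those webhooks can be rotated. The sample URLs, the thresholds and all function names are constructed assumptions.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample of archived URLs for a placeholder domain (not real data).
ARCHIVED_URLS = [
    "https://www.target.com/about",
    "https://webhook.target.com/api/9f2c4e7a1b8d4f06a3c5e1d27b604f9a/Zx8Qp3LmT7vKc2RwY5nHb1Jd",
    "https://webhook.target.com/docs/getting-started",
    "https://app.target.com/hooks?token=4bT9xQ2mL7pR8sVc3ZyK6wNd",
    "webhook.target.com/api/hash/token",  # the placeholder path shown in the writeup
]

MIN_LEN = 16       # assumption: shorter values are ordinary route names
MIN_ENTROPY = 3.0  # assumption: bits per character for a random-looking value


def shannon_entropy(s):
    """Shannon entropy of the string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_secret(value):
    """Long, token-charset, high-entropy values are treated as credentials."""
    return (len(value) >= MIN_LEN
            and re.fullmatch(r"[A-Za-z0-9_\-]+", value) is not None
            and shannon_entropy(value) >= MIN_ENTROPY)


def redact(value):
    """Keep only a short prefix so the report does not re-leak the secret."""
    return f"{value[:4]}...({len(value)} chars)"


def find_exposed_webhooks(urls):
    """Return (hostname, [redacted secrets]) for each URL carrying a secret."""
    findings = []
    for raw in urls:
        parts = urlsplit(raw if "://" in raw else "https://" + raw)
        candidates = [seg for seg in parts.path.split("/") if seg]
        candidates += [kv.partition("=")[2] for kv in parts.query.split("&")]
        secrets = [c for c in candidates if looks_like_secret(c)]
        if secrets:
            findings.append((parts.hostname, [redact(s) for s in secrets]))
    return findings


if __name__ == "__main__":
    for host, secrets in find_exposed_webhooks(ARCHIVED_URLS):
        print(f"rotate webhook on {host}: {', '.join(secrets)}")
```

Any webhook flagged this way should be treated as compromised and reissued, since the archived copy of the URL cannot be recalled.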
The Report
Takeaway
Never say that this program has a lot of known hackers and I won't find a thing.
Everyone has their own unique approach to a target, and you may see something that others didn't.
N.B.: Sorry for the poor quality writeup, the next one will be better :)