Few months back when Square started the bug bounty in Hackerone
After some dorking I found this "api-test.squareup.com"
Yea a test bed.
Usually these test sub-domains are vulnerable because they not maintained after initial development phase.
Visited the sub-domain alas nothing to see.
It was a blank page.
But the world doesn't end here.
Here comes the Nmap.
Scanned and found port 25 was open.
And hopefully it has no authentication
so "telnet api-test.squareup.com 25"
After some dorking I found this "api-test.squareup.com"
Yea a test bed.
Usually these test sub-domains are vulnerable because they not maintained after initial development phase.
Visited the sub-domain alas nothing to see.
It was a blank page.
But the world doesn't end here.
Here comes the Nmap.
Scanned and found port 25 was open.
And hopefully it has no authentication
so "telnet api-test.squareup.com 25"
So, I can send mail using the Square's Server to anyone.
I reported it they fixed it within few week.
I reported it they fixed it within few week.
No comments:
Post a Comment