Today In this post, I will be sharing a unique writeup on SQL injection with Authorization Headers token.
A little bit intro to Authorization Tokens,
=> An Authorization token is generated and signed by the servers and is used to verify the users by unique tokens.
=> After the successful login, the server sends an authorization token, and web developers often store it in the browser's local storage or session storage.
=> Modern Websites use JWT(JSON Web Tokens) for User Authorization. It doesn't mean that each Authorization token is JWT. It depends on the backend and the Framework that the website uses,
Without wasting time, let's jump into the story
I am not a regular Bug Bounty hunter. You can say I am a seasonal Bug bounty hunter. I was bored and tried to search for some private bug bounty programs through google dorks, And Randomly selected a program for hunting. I did not do basic recon like Subdomain enumeration or any Dorking as I started with the main target.
For me, it was a typical day. I just fired up the Burp suite and opened the target site. as per the company policy, I am unwilling to reveal the target.
With the help of the Wappalyzer Plugin, I have noticed that the target runs on PHP. For me, PHP is vulnerable by nature. As a Web developer, I have plenty of experience building websites in PHP and fixing vulnerabilities.
While attacking targets, I have a practice of directory brute-forcing and checking the robots.txt file at the initial stage of my recon process.
I used Dirsearch to find the hidden directories, but no luck. I did not get anything fishy other than the admin page.
I tried Opening the admin page by visiting target/admin/
But No Luck it throws an error 403 Forbidden
I did not give up too quickly, again tried to Fuzz inside the admin page using Dirsearch. This time events page got 200 responses.
Without any delay, I have opened the page target/admin/events/
I have noticed that the page is a regular login page, where it has two ways to log in, one for the author and another for the super admin