Localhost disclosure (spreaker.com)
Hi fellas,
I was pentesting on spreaker.com and I came across its API, which is api.spreaker.com.
As you know, an api subdomain doesn't have much until you know what to look for ;-)
So I came across it and started making changes to its headers in order to get some interesting results.
So I thought to change the "Host:" value in the header, and I changed it to "localhost",
and then in the message body of the reply what I got is the localhost.. An attacker can map out the network easily, but it seems Spreaker doesn't care.
Here is the video:
https://drive.google.com/file/d/0B_8T-TFyW_K9M0J1S1kyUEpJc3Z2X21SdEotMk9yZ29HSlU0/view
Sorry, it was submitted through email as it is an external program.
Enjoy
Well, that was a virtual host, I didn't know at that time. If you find something like that, try bruteforcing for directories and files, you may find some juicy stuff.
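On the server side, the behaviour described in the post (a request with "Host: localhost" being answered by a different virtual host) goes away when unknown Host values are refused before routing. The following is an added example, not code from the post or from Spreaker; the hostname api.example.test and all function and class names are assumptions, and the request dictionaries are constructed.

```python
# Added example (not from the original post): Host header allow-list for a WSGI app.
ALLOWED_HOSTS = {"api.example.test"}  # assumption: placeholder public hostname

def normalize_host(raw):
    """Lowercase the Host value and drop port and trailing dot; None if malformed."""
    if not raw:
        return None
    host = raw.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:8080
        end = host.find("]")
        rest = host[end + 1:] if end != -1 else "x"
        if rest and not (rest[0] == ":" and rest[1:].isdigit()):
            return None
        return host[:end + 1]
    name, sep, port = host.partition(":")
    if sep and not port.isdigit():
        return None
    return name.rstrip(".") or None

class HostAllowList:
    """WSGI middleware: answer 421 unless Host names an expected public vhost."""
    def __init__(self, app, allowed=ALLOWED_HOSTS):
        self.app = app
        self.allowed = {h.lower() for h in allowed}

    def __call__(self, environ, start_response):
        if normalize_host(environ.get("HTTP_HOST")) not in self.allowed:
            body = b"Misdirected Request\n"
            start_response("421 Misdirected Request",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    """Stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(host_header):
    """Send one constructed request through the middleware; return the status line."""
    seen = []
    def start_response(status, headers, exc_info=None):
        seen.append(status)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if host_header is not None:
        environ["HTTP_HOST"] = host_header
    HostAllowList(demo_app)(environ, start_response)
    return seen[0]
```
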