400$ Bounty again using Google Dorks

Summary

A cybersecurity analyst named Haris Muthusamy details how they earned a $400 bounty by utilizing Google Dorks to discover vulnerabilities in a private program's WordPress subdomain.

Abstract

Haris Muthusamy, a Cyber Security Analyst, shares their methodology for obtaining a $400 bounty by leveraging Google Dorks to exploit WordPress vulnerabilities on a private program's subdomain. The write-up begins with a friendly greeting to fellow hackers and a reference to a previous successful bounty hunt. Muthusamy then describes the process of subdomain enumeration using httpx, identifying a WordPress-managed subdomain, and subsequently bypassing WordPress login security. Despite initial access denial, persistence led to the discovery of sensitive files, including wp-db.php, which was promptly reported, resulting in a successful bounty claim. Muthusamy encourages readers to follow their work for more updates and provides links to their LinkedIn, BuyMeACoffee, and Linktree profiles.

Opinions

The author believes in the effectiveness of Google Dorks for hacking and emphasizes its significance in security research.
Muthusamy values persistence, as evidenced by continuing to probe for vulnerabilities even after encountering a 403 Forbidden response.
The author showcases a proactive mindset by drawing upon previous knowledge from blogs to apply in their reconnaissance and reporting process.
Muthusamy's excitement and satisfaction are palpable upon finding exploitable vulnerabilities, as indicated by the use of exclamation marks and celebratory gifs.
The author is community-oriented, inviting followers and encouraging others to learn from their experiences through detailed write-ups.

400$ Bounty again using Google Dorks

Hai, Hello, Vanakam to the all the Hackers

Hey hunters! This writeup is my Second writeup I’ll share with you how I get 400$ Bounty again using Google Dorks. If you didn’t read by first writeup please look here , and here we go Let’s get start. kindly excuse my typos & brevity.

I hope everyone know how to use Google Dorks. You guys know that google dorking is playing main role in Hacking. I was seaching for a private program and lets called a example.com ( I am not suppose to revele the program name )

Lets Start

I have choose a target and started subdomian enumeration with httpx

After done with my subdomain enumation I have found that one of the subdoamin is managed with WordPress

My mind says try to bypass WordPress login. lets turn on Hacker mode

In have already read some blogs that in my mind so I have used here. I used example.com/wp-content/uploads/2021/ and hit entered . Boooooooooooooom!!!

Yes! . its 403 forbidden but I didnt loose hope on that in my mind this was running

Why should I jump and search more detail about Wordpress after recon about wordpress and excample.com

I have seached for wp-db so here I have used example.com/wp-inc/ and hit enter. BOOOOOOOOOOOOM!!!!

Here you can see that wp-db.php file and latest updated files here

I was like

I quicky made a report of it and submitted then with in few days got my bounty

Thank you for reading mywriteup. Kindly do follow up for more updates

https://linktr.ee/harismuthusamy

Haris Muthusamy - Cyber Security Analyst - KGISL | LinkedIn

I have completed BE and started working in HCL in the year 2015 then started working in KGiSL in the year 2016 till…

www.linkedin.com

https://www.buymeacoffee.com/Harismuthusamy

Thanks

Regards

Haris M