Payment receipt disclosure (Instamojo)

Hello, my fellow readers.

So while searching for bounty programs I came across Instamojo (it is a payment portal in India).
At first I thought, why not give it a try and let's see if I can find something interesting.

But the best part of this is that I found it in the first step, i.e. recon.

So I started with some Google-fu (dorking, and that's where I got my alias).

After a few dorks I came across a PDF, which is actually a book sold by "I*** Foundation", and the crawler had found it.

So this is the URL:

https://www.instamojo.com/payment/status/MOJO5b*********/?token=<token here>&expired=true

So only the rightful owner who bought this book can view the receipt. I looked to see if I could bypass it, and then my view shifted to the "expired=true" parameter.
After I changed "true" to "false", I was in and could view the receipt.
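As an added illustration of the bug class described above (hypothetical code, not Instamojo's and not from the original post), here is a receipt handler in Python beside a fixed version. The vulnerable handler decides whether a link is expired from the client-supplied `expired` query parameter, so flipping it to `false` reopens the receipt. The fixed handler ignores that flag, reads the expiry from its own server-side token record, and also checks that the token belongs to the payment ID in the path. The token store, receipt data, URLs, identifiers and timestamps are constructed sample data.

```python
"""Hypothetical receipt endpoint: client-controlled 'expired' flag vs. server-side expiry.
Not Instamojo's code; every identifier, URL and timestamp below is made up."""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Assumed "current" time so the example is deterministic.
NOW = datetime(2017, 11, 27, 7, 39, tzinfo=timezone.utc)

# Constructed sample store: token -> payment it was issued for, and when it expired.
# In a real system this is the row written when the receipt link was generated.
TOKEN_STORE = {
    "tok_old": {"payment_id": "MOJO5b-REDACTED", "expires_at": NOW - timedelta(days=700)},
    "tok_fresh": {"payment_id": "MOJO5c-REDACTED", "expires_at": NOW + timedelta(hours=1)},
}

# Constructed sample receipts keyed by payment ID.
RECEIPTS = {
    "MOJO5b-REDACTED": {"paid_to": "Example Foundation", "paid_on": "Nov 09, 2015"},
    "MOJO5c-REDACTED": {"paid_to": "Example Foundation", "paid_on": "Nov 26, 2017"},
}


def parse_receipt_url(url):
    """Return (payment_id from the path, token, client's 'expired' flag) for a status URL
    shaped like /payment/status/<payment_id>/?token=...&expired=..."""
    parts = urlsplit(url)
    path_id = parts.path.rstrip("/").split("/")[-1]
    qs = parse_qs(parts.query)
    token = qs.get("token", [None])[0]
    client_says_expired = qs.get("expired", ["false"])[0].lower() == "true"
    return path_id, token, client_says_expired


def view_receipt_vulnerable(url):
    """Bug: the *client* decides whether the link is expired.
    Returns (status, receipt_or_None)."""
    _path_id, token, client_says_expired = parse_receipt_url(url)
    rec = TOKEN_STORE.get(token)
    if rec is None:
        return ("403", None)
    if client_says_expired:          # trusting the query string is the whole problem
        return ("410", None)
    return ("200", RECEIPTS[rec["payment_id"]])


def view_receipt_fixed(url, now=NOW):
    """Fix: ignore the client's flag, compare against the stored expiry, and bind the
    token to the payment ID in the path so a valid token cannot be replayed on another
    receipt. Returns (status, receipt_or_None)."""
    path_id, token, _ignored_client_flag = parse_receipt_url(url)
    rec = TOKEN_STORE.get(token)
    if rec is None or rec["payment_id"] != path_id:
        return ("403", None)
    if now >= rec["expires_at"]:     # server-side truth about expiry
        return ("410", None)
    return ("200", RECEIPTS[rec["payment_id"]])


if __name__ == "__main__":
    old = "https://example.invalid/payment/status/MOJO5b-REDACTED/?token=tok_old&expired=true"
    print("vulnerable, as crawled :", view_receipt_vulnerable(old)[0])
    print("vulnerable, flag flipped:", view_receipt_vulnerable(old.replace("expired=true", "expired=false"))[0])
    print("fixed, flag flipped     :", view_receipt_fixed(old.replace("expired=true", "expired=false"))[0])
```

The point of the fixed version is that nothing the client sends in the query string influences the authorization decision except the secret token itself; expiry and ownership are both looked up from the record the server created when it issued the link.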


Payment ID: MOJO5b0*********
Paid to: I**** Foundation
Paid on: Nov 09, 2015 at 9:52am
.......................<redacted>

The receipt contains other sensitive details which cannot be disclosed here.

After finding it I was like
So I reported it on

Mon, Nov 27, 2017 at 7:39 AM

I got a reply on: Jan 4, 2018

Rewarded on: Feb 22, 2018


Tips:
Make sure to do as much Google-fu as possible.
"You never know what interesting things are waiting for you."

Thank you for Reading
:-)
