I hope your 2020 wasn't that bad and you still made the effort to be productive.
In this short write-up, I will talk about how I was able to access every admin account in the same organization as well as cross-organization. It was done on a company that is very well-known in the developer community. However, I won't mention its name, as it is a private program.
So this is a digital signature website where anyone can send a document to another person to sign. The application manages its access control well by differentiating proper roles and…
So, one day I joined a program on Bugcrowd from their joinable program list. It was a set of applications which provided email services to clients. I don't know why I didn't start hunting as soon as I joined the program, but I left it for two months.
The flow of the applications was as follows: there was one application (the central admin) which controlled all the clients' data and infrastructure (such as how many resources should be allocated to a client, whether services like SFTP should be enabled, user management for the client admin, etc.), so let it be called tier…