Thread Reader
Share this page!
×
Post
Share
Email
Enter URL or ID to Unroll
×
Unroll Thread
You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649
How to get URL link on X (Twitter) App
On the Twitter thread, click on
or
icon on the bottom
Click again on
or
Share Via icon
Click on
Copy Link to Tweet
Paste it above and click "Unroll Thread"!
More info at
Twitter Help
Mahmoud Youssef
@0xmahmoudJo0
Security Engineer @ TimLands LTD | Bug Hunter
Subscribe
Save as PDF
Oct 11, 2022
•
5 tweets
•
2 min read
🧵Some tricks lead to Admin takeover🧵
While scanning some internal IPs I found that someone gives me 403 with a message :
"You can't access https://IP/"
So I passed the request to the proxy and changed the host header to:
Host: localhost
1/5
🧵
#bugbountytips
#bugbounty
And an admin login panel appeared XDD
So I tried some of the default creds, but I got an error, so I analyzed the request and figured out that the Origin and Referer headers were set to the IP, so I changed them to localhost too, and forwarded the request
2/5
🧵
