I took over 10 Million Accounts, Easy API Hacking
Feb. 27, 2024, 7:57 p.m. | Ravaan
InfoSec Write-ups - Medium infosecwriteups.com
I hacked 10 Million+ Accounts and here’s exactly how I did it. Easiest API hacking you’ll ever see.
So this company (AppyPie) had a max bounty of $1000. I wanted to try my luck. I majorly focus on BAC-related bugs: Broken Access Control and Business Logic Errors; this usually covers API hacking.
Appypie.com
BUG 1:
PII LEAK:
So I tried initially to gather all endpoints using my custom methodology, already shared. Interestingly, I get a subdomain called
backendaccounts.appypie.com
From here, …