Information disclosure on Mixmax.com

Hi friends,
As you all know, information gathering is the most important phase of hacking a website.
I was enumerating the subdomains of mixmax.com and found one:
email.mixmax.com
When I opened it, it was disclosing some non-critical information about the API.

At first I ignored it because it looked like just a simple request and response, but when I took one more look, something there was obviously not designed to be exposed.
So I reported it and got a Duplicate.
The point of this post is: don't ignore the information gathering phase, because it can lead to big bounties, like Trello pass and ID disclosure.
