How i Hacked BASF Company !!
its Murtada Kamil a security researcher from Iraq
I would like to share with you my bug that I found in BASF through their bug bounty program
During my recent bug bounty hunt, I came across a critical and yet simple vulnerability.
First i search for subdomains of the company using Virustotal
there is a subdomain which get my attention
i click on this site to see what is there
so i can access to the admin panel without any authentication and i am able to edit, remove and upload anything
The comapny fixed this bug by secured it by Mobile OTP OR RSA Token
30/3/2018 Report Sent
17/5/2018 Listed in hall of fame
10/10/2019 Report disclosure
Thanks for reading