How I Hacked BASF Company!!
Hi
It's Murtada Kamil, a security researcher from Iraq.
I would like to share with you my bug that I found in BASF through their bug bounty program.
During my recent bug bounty hunt, I came across a critical and yet simple vulnerability.
First, I searched for subdomains of the company using VirusTotal.
There was a subdomain which got my attention.
I clicked on this site to see what was there
and b000m
So I could access the admin panel without any authentication, and I was able to edit, remove and upload anything.
The company fixed this bug by securing it with Mobile OTP or RSA Token.
Timeline:
30/3/2018 Report Sent
02/04/2018 Triaged
17/5/2018 Listed in hall of fame
10/10/2019 Report disclosure
Thanks for reading