Showing posts from August, 2021

Dropping root shell in a Crypto Exchange for Fun (and Profit?)

I have been using this Crypto Exchange - for at least a year now. I didn't realize they also had a bug bounty program which was mentioned in their footer section. I was quite busy with my day job so I kept the details of the program in my todo.txt so I could check it out later. One night when I was having that itch of doing some bug bounties, I checked my todo.txt and decided to hunt bugs on I started by enumerating subdomains and probing for standard web ports (80/443). After obtaining a handful of URLs, I tried to visit them one by one and noticed a few of them were trying to redirect to another internal domain A quick whois on revealed that it also belonged to (admin email - so I enumerated the subdomains of this domain too. One of the subdomain was running Zabbix instance. I didn't have login credentials and common creds also didn't work but there was "Sign i