How I Found P1 with Google Dork on Bugcrowd Program
Published in
Oct 27, 2022
Tool
- Google Dork
Explain
I usually use google dork. like this
site:example.com { Dork command }
But if you use this It’s too much information like and it will be difficult to find sensitive data So I use this
site:example.com { Dork command } -www
- www It’s the domain that Found it during a lot of searching such as
site:.example.com { Dork Command} and result like
test.example.com
test.example.com
test.example.com
test.example.com
admin.example.com
it just use “-test” to remove test.example.com domain for focus on admin.example.com and this item It found Access_token leak
But it’s duplicate SAD