How I Got Sensitive Directory Using Google Dorks

Hello everyone,

This is my first article. This article will talk about how to find information disclosure bug via google dorks. Let’s me introduce myself I’m Chandan das from India and I’m a web penetration tester.

Lets start !

The company didn’t want me to publish their name. For this reason, I’ll call it “redacted.com”. Let’s begin! I started hunting with some google dorks. ( site:redacted.com intitle:index.of) I found interesting directories.

You want more details of google dorking click hare ==> https://pentest-tools.com/information-gathering/google-hacking (for automation)

Then I click 2th website and I found dev.bz2 file download in my pc. Then open downloaded file (dev.bz 2) with winrar . I got the list of directories available with sensitive_data_exposure & disclosure_of_secrets. You can see in image .

Quickly I report this bug on bugcrowd after one day ago. I received reply from Bugcrowd this bug (P3) is valid But Duplicate.😞😞

Thank you everyone for Reading 🧡

Join My Telegram Chanel For Latest Update https://t.me/ch4ndan_das

U can view my LinkedIn Profile

Happy Hunting :)))