Har Har Mahadev! This is Prince Roy, a cyber security researcher. Recently, I discovered an information disclosure vulnerability in one of the NASA domains just by Google hacking, or dorking.
I am serious, guys. Google dorking is a great way to find information disclosure. Now, I am going to tell you how I found it.
I used this dork for the search:
site:.*.*.nasa.gov "Server Status" | confidential | "employee only" | proprietary | top secret | classified | trade secret | internal | private
This simple search gave me some juicy information.
When I opened it, I found the web server status along with secret information. After that, I reported it.
And guess what? After 4 days, my report got accepted.
And it was listed on their HOF:
VDP Pro: National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program |…
And finally, thanks for reading my small finding blog. I hope you enjoyed it.