How I was able to find a P4 vulnerability in the United States Department of Agriculture by phone.

Prince Roy (RoyzSec)
Sep 1, 2023


Har Har Mahadev 🔱. This is Prince Roy, a cyber security researcher. Last year, I discovered an information disclosure vulnerability on the server of the USDA [United States Department of Agriculture] using my phone.

have you gone mad?

No, guys, for a few reasons, I didn’t publish a blog about it. Now I am going to tell you how I found that issue. I used a Google Dork, which is actually my favourite method to find a vulnerability.

inurl:usda.gov | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private | WS_FTP | ws_ftp | log | LOG filetype:log

And then I got some juicy information.

juicy information!!!!!
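From the defender's side, the same search terms can be run against a web root before a search engine indexes it. The script below is an added example, not part of the original post: `audit_webroot`, `demo` and the sample files are hypothetical and constructed for illustration.

```python
import os
import re
import tempfile

# Text terms copied from the dork above; matching is case-insensitive.
KEYWORDS = ["confidential", "employee only", "proprietary", "top secret",
            "classified", "trade secret", "internal", "private"]
KEYWORD_RE = re.compile("|".join(re.escape(k) for k in KEYWORDS), re.IGNORECASE)


def audit_webroot(webroot, max_bytes=1_000_000):
    """Return sorted [(relative_path, keyword_hits)] for every .log file under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(".log"):  # what filetype:log would match
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(max_bytes)
            except OSError:
                text = ""  # unreadable here, but still a .log in a served directory
            hits = sorted({m.group(0).lower() for m in KEYWORD_RE.finditer(text)})
            findings.append((os.path.relpath(path, webroot), hits))
    return sorted(findings)


def demo():
    """Build a constructed web root (sample data, not real logs) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        samples = {
            "index.html": "<h1>Welcome</h1>",
            os.path.join("uploads", "WS_FTP.LOG"):
                "2023.01.01 12:00 B C:\\site\\Internal\\report.doc --> host /uploads\n",
            "debug.log": "user=alice note=CONFIDENTIAL - employee only\n",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return audit_webroot(root)


if __name__ == "__main__":
    for rel, hits in demo():
        print(rel, hits)
```

Every `.log` file under the served directory is reported, whether or not it contains a keyword, because its presence alone is enough for `filetype:log` to surface it.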

Then I reported it. After 5–6 hours, it got accepted and I was awarded with the HOF:

Accepted → Resolved.

https://bugcrowd.com/usda-vdp/hall-of-fame

Finally, thanks to Aditya Shende sir, my mentor, who always helps me. I hope that you guys may be helped by this small blog, and thanks in advance for investing your crucial time to read it.

Please follow my social media accounts for further updates:

LinkedIn: https://www.linkedin.com/in/prince-roy-4b9a75187/

Twitter: https://twitter.com/royzsec

GitHub: https://github.com/royzsec
