How I was able to find the P4 vulnerability in the United States Department of Agriculture by phone.
Har Har Mahadevđź”±. This is Prince Roy, a cyber security researcher. Last year, I discovered the information disclosure vulnerability on the server of the USDA [United States Department of Agriculture] using my phone.
No, guys, for a few reasons, I didn’t publish a blog about it. Now I am going to tell you how I found that issue. I used a Google Dork, which is actually my favourite method to find a vulnerability.
inurl:usda.gov | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private | WS_FTP | ws_ftp | log | LOG filetype:log
And then I got some juicy information
Then I reported it. After 5–6 hours, it got accepted and I was awarded with the HOF:
https://bugcrowd.com/usda-vdp/hall-of-fame
Finally, thanks to Aditya Shende sir, my mentor, who always helps me. I hope that you guys may be helped by this small blog, and thanks in advance for investing your crucial time to read it.
Please follow my Social media accounts for further updates:
Linkedin: https://www.linkedin.com/in/prince-roy-4b9a75187/
Twitter: https://twitter.com/royzsec
Github: https://github.com/royzsec