How I got into the Avalara security team's 'Hall of Fame'
My name is Mohsin Khan, and I am a security researcher who learns something new every day. Today I will explain how I got recognition from the Avalara security team, including the tool and the steps I used during my research.

This is one of my critical vulnerability findings. It exposed email addresses, phone numbers, customer details and a lot of other sensitive information; that data could also be edited, and anyone could add or delete records.

There is no rocket science in this finding. It just needs a hacker mindset, meaning how you observe things. No programming knowledge is required for this exploit, only an awareness of how exploitation can be carried out.

So let's start with what I did. I used the Assetfinder tool to get all the subdomains of "avalara.com" by running the command:

./assetfinder --subs-only avalara.com

I got lots of subdomains. Then I saw one that looked interesting, "registration.avalara.com", and after opening this subdomain I got ...