How I got a 'Hall of Fame' listing from the Avalara security team
My name is Mohsin Khan and I am a security researcher who learns something new every day. Today I will explain how I got recognition from the "Avalara security team"; here I will explain everything, including which tools and steps I used during my research.
This is one of my critical vulnerability findings. It exposed email addresses, phone numbers, customer details and a lot of other sensitive information, and that data could also be edited, and anyone could add or delete records.
There is no rocket science in this finding. It just needs a hacker mindset, meaning how you observe things. There is no need for programming knowledge for this exploit, only awareness of how an exploitation can be performed.
So let's start with what I did.
I used the "Assetfinder" tool to get all subdomains of "avalara.com" by running the command
./assetfinder --subs-only avalara.com
I got lots of subdomains, and then I saw one that looked interesting: "registration.avalara.com".
After opening this subdomain I got only a login page, and there was no option for signup or registration. So I thought, let's check each and every hidden directory; for that I used a tool called "dirsearch".
And this worked: I successfully registered and got full admin access. (This subdomain is actually only for internal staff, and now I had the details of everyone.)
After this I wrote a report and sent it to the security team, and I got the reply below.
This is how things work: there was no rocket science, it just needs basic awareness and knowledge of tools so that you can identify all the hidden things.
Hope you like it!