How I got Hall of Fame in Microsoft by hunting WordPress website🖇⁉️
Hi guys!!!
A few months back, I was a little focused on Microsoft, third-party,… vulnerabilities. In the episode,
“the REST API allows simulating different request types. As such, we can perform a POST request with the “users” string in the body of the request, and tell the REST API to act like it’s received a GET request.”
Or simply just use this URL:
https://target.com/wp/v2/users/*
Or, some people just focus on the /users endpoint along with some other endpoints like
/wp-json/wp/v2/themes/
/wp-json/wp/v2/comments/
/wp-json/wp/v2/plugins/
But they might miss some juicy endpoints by not completely exploring the WordPress site.
What I did was simply start exploring the endpoint https://target.com/wp-json/
During the exploration, I found one endpoint, which was /emails-posts
I started to access the endpoint with the URL “https://target.com/wp-json/emails-posts”
This URL is one that “takes the log information of Microsoft employees who post updates on WordPress blogs”
For each and every update it keeps a log of the blog update time, who uploaded it, and the uploading employee's email.
My eyes went straight to the emails. I extracted the JSON information and was able to see nearly 100+ employee emails exposed on the WP endpoint.
After seeing this I just raised a report in the below format:
Please take note: WP-JSON user exposure is not such a big vulnerability on its own, but a large number of organization emails can lead to phishing emails, logins to anonymous systems using those emails, and reputation loss for the company when emails are sent to its customers.
Summary: There is an endpoint that every WordPress site will have, which is www.example.com/wp-json/. While testing the https://target.com/wp-json/emails endpoint, I was able to find some users and get nearly 150+ employee organization emails.
Baammmmmmmmmmmm!! After seeing this, the lesson I learned is that we should not miss any endpoint during our research.
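Added example (not part of the original post, and not Microsoft's or WordPress's code): a small audit over a constructed copy of the /wp-json/ route index, fetching each GET route the way an anonymous client would and flagging any route whose response contains e-mail addresses. The index, the response bodies and the /emails-posts field names are constructed here for illustration.

```python
import json
import re

# Constructed sample of the route index that GET /wp-json/ returns (trimmed).
# "routes" is keyed by route path; each entry lists its namespace and methods.
SAMPLE_INDEX = json.dumps({
    "routes": {
        "/wp/v2/users": {"namespace": "wp/v2", "methods": ["GET", "POST"]},
        "/wp/v2/posts": {"namespace": "wp/v2", "methods": ["GET", "POST"]},
        "/emails-posts": {"namespace": "emails-posts", "methods": ["GET"]},
    }
})

# Constructed sample bodies as an unauthenticated GET would see them.
SAMPLE_BODIES = {
    "/wp/v2/users": json.dumps([{"id": 1, "name": "jdoe", "slug": "jdoe"}]),
    "/wp/v2/posts": json.dumps([{"id": 7, "title": {"rendered": "Hello"}}]),
    "/emails-posts": json.dumps([
        {"updated": "2023-01-01T10:00:00", "uploaded_by": "jdoe",
         "uploaded_employee_email": "jdoe@example.com"},
        {"updated": "2023-01-02T11:00:00", "uploaded_by": "asmith",
         "uploaded_employee_email": "asmith@example.com"},
    ]),
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def get_routes(index_json):
    """Every route in the index that answers GET, core and custom alike."""
    routes = json.loads(index_json)["routes"]
    return sorted(p for p, r in routes.items() if "GET" in r.get("methods", []))


def find_emails(body):
    """Distinct e-mail addresses found anywhere in a response body."""
    return sorted(set(EMAIL_RE.findall(body)))


def audit(index_json, fetch):
    """fetch(route) returns the body an anonymous client gets for that route.
    Returns {route: [emails]} for every route that exposes addresses."""
    findings = {}
    for route in get_routes(index_json):
        emails = find_emails(fetch(route))
        if emails:
            findings[route] = emails
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_INDEX, SAMPLE_BODIES.__getitem__))
```

Run against your own site's index (with a real HTTP fetch in place of the dictionary lookup) this catches the kind of custom route described above before release; on the WordPress side the fix is a permission_callback on register_rest_route that rejects anonymous callers or a response that omits the e-mail fields.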
Hall of Fame
#bugbounty #ethicalhacking #microsofthalloffame