Finding Origin IP that leads to Sensitive Information Disclosure

Hello everyone. In this article I will explain how I found the origin IP address of a website, and how fuzzing that IP address led me to a directory containing a Python script with the phpMyAdmin login credentials; hence the title, an origin IP that leads to sensitive information disclosure. As it's a private program, let's say the website is www.redacted.com.

Here’s how I found it.

For the URL “redacted.com”, running a simple Censys scan gives historical data for an IP address, where I found the origin IP that gives access to a phpMyAdmin instance. Running a simple ffuf scan led me to suspicious directories.

/phpmyadmin/ /python/

IP: 3.XX.XXX.XX

Steps

  1. Run an ffuf scan against the IP: 3.XX.XXX.XX
  2. Visit the /python/ directory, where we will find a Python script named city.py which has the following code:

    import mysql.connector

    # Database connection with the credentials hardcoded in the script
    mydb = mysql.connector.connect(
        host="localhost",
        port="3306",
        user="root",
        password="xxxxxx",
        database="xxxxx_x",
        auth_plugin='mysql_native_password'
    )
    (The rest of the code has been omitted.)

  3. Now visit /phpmyadmin/ and log in with the username “root” and the password “xxxxxxxxxx”.
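A defender-side check for the problem shown in step 2 (an added example, not code from the original post): it parses Python source with the standard `ast` module (Python 3.9+) and reports calls that pass a password as a string literal, then applies that to every `.py` file under a directory such as a web document root. `SECRET_KWARGS`, `find_hardcoded_credentials`, `scan_tree`, the sample strings and the `DB_*` environment variable names are assumptions made for this example.

```python
import ast
from pathlib import Path
# Keyword names treated as secrets (an assumption; extend as needed).
SECRET_KWARGS = {"password", "passwd", "pwd"}

def find_hardcoded_credentials(source):
    """Return (line, call, keyword) for secret kwargs passed as string literals."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            val = kw.value
            if (kw.arg and kw.arg.lower() in SECRET_KWARGS
                    and isinstance(val, ast.Constant)
                    and isinstance(val.value, str) and val.value):
                findings.append((val.lineno, ast.unparse(node.func), kw.arg))
    return findings

def scan_tree(root):
    """Map each .py file under root (e.g. a web document root) to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*.py")):
        try:
            hits = find_hardcoded_credentials(path.read_text(encoding="utf-8", errors="replace"))
        except (SyntaxError, ValueError):
            continue  # not parseable as Python 3; skipped
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample modelled on the city.py snippet above (placeholder values).
EXPOSED = '''import mysql.connector
mydb = mysql.connector.connect(
    host="localhost",
    user="root",
    password="xxxxxx",
    database="xxxxx_x",
)
'''
# Constructed hardened variant: the secret is read from the environment.
HARDENED = '''import os, mysql.connector
mydb = mysql.connector.connect(
    host="localhost", user=os.environ["DB_USER"],
    password=os.environ["DB_PASSWORD"], database=os.environ["DB_NAME"])
'''

if __name__ == "__main__":
    print(find_hardcoded_credentials(EXPOSED), find_hardcoded_credentials(HARDENED))
```

Running `scan_tree` over the directory the web server publishes, as part of deployment, flags a file like city.py before it is reachable over HTTP.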


Thanks for reading.
