Sitemap
Open in app

Sign in

Medium Logo
Write

Sign in

Writing is for everyone.

Register for Medium Day

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Follow publication

The Broken Directory Bug

Hidden Directories in Chaos of Waybackurls

3 min read6 days ago

Read for Freee..ee.e

Press enter or click to view image in full size
Anbu Black Ops

🐺Hunters,

I was hunting on my primary payment app back in January 2025 and at that time I don’t know have much knowledge of recon, so I started with very basic thing. As you read this blogs you’ll know how this discovery leads to a big discovery.

Basic Recon

I started with selecting a subdomain of my target and I started with very simple recon tool waybackurls to get the history of my targeted subdomain:

waybackurls subdomain.com | anew waybacksubs.txt

From waybackurls data I got a lot of .png, .jpeg, .js files and broken directories.

I started clicking those image files and broken links to get sensitive directories and any unauthorized page.

After sometime, I realized this subdomain is only used for storing static files.

Sensitive Directories

I started with general sensitive directories which includes:

admin,documents,logs,private

Now I started with target specific sensitive directories which includes:

report,payment,transaction,merchant

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

InfoSec Write-ups

Published in InfoSec Write-ups

69K followers
Last published 18 hours ago

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

SIDDHANT SHUKLA

Written by SIDDHANT SHUKLA

657 followers
402 following

just a lazy hunter.

Responses (3)

Write a response

What are your thoughts?

Author

6 days ago (edited)

Thanks for reading.
If you think Free link isn't working, kindly open it on New Tab.
https://ghostman01.medium.com/184f37087479?sk=1dddfd81611ea8ee0546ae3ef7c4fa28

6 days ago

thanks for sharing, I always think about what do this waybackurls data or like what kind of sesnitive data there can be ?

1

6 days ago

Nice

2

More from SIDDHANT SHUKLA and InfoSec Write-ups

See all from SIDDHANT SHUKLA
See all from InfoSec Write-ups

Recommended from Medium

See more recommendations

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech