Hello,
I'm fairly new to pen testing, ~6 months of working through Junior Pentester on THM and about 90% done. Have a basic understanding of networking, yadda yadda.
I don't expect to find anything, but ever since learning Burp Suite, I thought it would be important to see real world examples and to get out of the CTF style picture perfect set ups.
Long story short, Company X offers free range for bug bounties and the thing I was testing was in scope, and I figured great practice for me with Burp Suite. So I trimmed down to 50 promising subdomains and began kinda just going through and researching along the way what some of the HTML meant and tinkering with altering the packets etc.
Didn't find anything for like 6 hours but my last session of tinkering I found something I hadn't seen all day...
When I captured a request that worked with a widget, I got this pretty bulky JavaScript code in the packet in plaintext.
The programmers added a bunch of comments to it, and it looks like a bunch of mumbo jumbo to me since I'm a novice programmer, but I noticed that there were references to GitHub with usernames, source code links and even tables of hashes.
Is this normal? Should I keep investigating this? Is it worth even mentioning to the company or will I get laughed at?
from hacking: security in practice https://ift.tt/q6YtZ0y
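The post describes un-minified JavaScript served with developer comments, GitHub references and a table of hashes. Before deciding whether that is worth a report, the useful step is to triage what is actually in the file: which comments look like leftover notes, which repositories are referenced, and whether the hash-like values are ordinary integrity or cache digests or something that should not be public. The script below is an added example written for this page, not code from the poster or from any company; the JavaScript sample inside it is constructed to resemble what the post describes, and the repository name `example-dev/widget-core` is a placeholder. An appsec team can run the same check over its own built bundles in CI to catch comments that minification should have stripped.

```python
import re

# Constructed sample: a fragment of the kind of un-minified JavaScript the post
# describes. The repository, URLs and digests are all made up for this example;
# the two hex strings are well-known test digests (MD5 of "hello", SHA-256 of "foo").
SAMPLE_JS = """
/* widget loader v2
 * maintained by github.com/example-dev/widget-core (see issues there)
 */
// TODO: remove before release - asset integrity table
var integrity = {
  "vendor.js": "5d41402abc4b2a76b9719d911017c592",
  "app.js": "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"
};
function load(u) { // fetch https://raw.githubusercontent.com/example-dev/widget-core/main/loader.js
  return fetch(u);
}
"""

# Block comments (non-greedy, spanning lines) and line comments. This is a regex
# approximation, not a JavaScript tokenizer: a "//" inside a string literal or a
# regex literal would be misread as a comment, so treat results as leads to review.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)

# github.com/<owner>/<repo> and raw.githubusercontent.com/<owner>/<repo>, with or
# without a scheme. Only the owner/repo part is captured so duplicates collapse.
GITHUB_RE = re.compile(
    r"(?:https?://)?(?:raw\.)?github(?:usercontent)?\.com/[\w.-]+/[\w.-]+", re.I
)

# Hex tokens of MD5 (32), SHA-1 (40) and SHA-256 (64) length. Length alone does
# not say what a value is; a 32-char hex string may be a cache-busting digest,
# a subresource-integrity value, or a password hash, so the report groups by length
# and leaves the judgement to the reviewer.
HEX_RE = re.compile(r"\b[0-9a-f]{32}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{64}\b", re.I)

# Markers that usually indicate a note the developer meant to remove.
LEFTOVER_RE = re.compile(r"\b(TODO|FIXME|XXX|HACK|remove before)\b", re.I)


def extract_comments(js: str) -> list[str]:
    """Return every comment in the source, in order of appearance."""
    return [m.group(0) for m in COMMENT_RE.finditer(js)]


def find_github_refs(js: str) -> list[str]:
    """Return distinct GitHub repository references, in order of first appearance."""
    refs: list[str] = []
    for m in GITHUB_RE.finditer(js):
        ref = m.group(0)
        if ref not in refs:
            refs.append(ref)
    return refs


def find_hash_like(js: str) -> dict[int, list[str]]:
    """Return hex tokens of digest length, keyed by their length in characters."""
    found: dict[int, list[str]] = {}
    for m in HEX_RE.finditer(js):
        tok = m.group(0)
        found.setdefault(len(tok), []).append(tok)
    return found


def triage(js: str) -> dict:
    """Summarise what a served JavaScript file discloses, for a human to assess."""
    comments = extract_comments(js)
    return {
        "comment_count": len(comments),
        "leftover_comments": [c for c in comments if LEFTOVER_RE.search(c)],
        "github_refs": find_github_refs(js),
        "hash_like": find_hash_like(js),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_JS)
    print(f"comments: {report['comment_count']}")
    for c in report["leftover_comments"]:
        print(f"  leftover note: {c.strip()}")
    for ref in report["github_refs"]:
        print(f"  github reference: {ref}")
    for length, toks in sorted(report["hash_like"].items()):
        print(f"  {len(toks)} hex token(s) of length {length}")
```

Run it against the file pulled out of the Burp response (read the file instead of `SAMPLE_JS`). The output is a list of leads, not a finding: comments and a public repository link are usually a low-severity information disclosure at most, a reference to a private repository or an internal hostname is worth a line in a report, and a table of hashes only matters once you can say what they hash. Checking whether the referenced repositories are public, and whether the hash values correspond to the served asset files, is what turns the list into a yes or no on reporting.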