A member of the security research community has shared their account of how they were able to gain access to a private system through a vulnerability.
The researcher began by using enumeration tools to search for potentially vulnerable domains.
They came across a domain titled ‘Target Test Portal’, which prompted them to sign up for a user account.
Upon signing up, the researcher noticed that the server response had identifiable information encoded in it and lacked adequate protective measures.
Using this information, the researcher created a second account and observed the same patterns of identifiable information encoded in the server response.
Exploration of the platform led the researcher to an option to upload a CV, and they attempted to access or modify private information within the system.