How I was able to delete a production backend server in my first finding.
Summary
In December 2023, Rohan Raduanul decided to transition from CTF player to ethical hacker.
He began examining domains belonging to Caterpillar, a company with a large scope and wide-ranging in-scope properties.
While examining the catwatches.com domain, he discovered a subdomain that appeared to be an admin portal.
Using FFuf, he discovered a phpMyAdmin login page, which prompted him to examine the HTML source code.
In the source code, he found the disclosed phpMyAdmin (PMA) version, which proved to be vulnerable to CVE-2016-5734 (RCE) and CVE-2019-12922 (CSRF).
While the RCE vulnerability appeared to be patched, he was able to use the CSRF vulnerability to test deleting a server from the Setup page in phpMyAdmin.
Although he was unable to fully test the deletion of a server due to authentication issues, he reported the issue to the Caterpillar team as a medium-severity vulnerability.
Unfortunately, the issue was later marked as informative, stating that Caterpillar did not own the domain of the vulnerable catwatches.com subdomain.