I have read a couple of books recently about different vulnerabilities in order to be able to better protect my projects/websites. Today, I want to share a story about how I managed to use this knowledge in practice.
This material is posted for educational purposes only. The author is not responsible for its usage by other Hackread visitors. The company was notified in advance of 48 hours of the vulnerability and already received enough data to fix it. All vulnerabilities are now fixed.
How it all began
It was quite an ordinary day. I finished several work tasks and made myself a cup of coffee. At the same time, I decided to read one article abouttrading strategies. I wanted to create my own trading bot. In the column to the right of the article, several other articles and ads were displayed.
I do not remember what exactly made me click the advertisement and visit that site, but when I opened it, I noticed one interesting feature. The link led to the landing page with a registration form and one field was already filled in – the promotional code. Please forgive me for not sharing the exact website URL. So, I compared the promo code that was in the input field with the one in the address bar. They were completely the same.