image dsbw
Request Assessment

Export Subscription Application Instance List ( with internal host ) and SupportCompanySearchCustomers



Published il y a 6 mois

image de Export Subscription Application Instance List ( with internal host ) and SupportCompanySearchCustomers

Hi, This is Merroun Lahcen From DevSecure ,we specialize in uncovering hidden vulnerabilities that pose real-world risks to modern web applications.
All vulnerabilities shared in these write-ups are fully redacted — any company names, domains, or sensitive details are replaced with placeholders such as company.com. Each finding was responsibly disclosed through the Intigriti platform and has been verified and resolved by the affected vendor.

Every post represents our commitment to ethical hacking, responsible disclosure, and continuous learning, helping organizations strengthen their defenses while contributing to a safer global cybersecurity ecosystem.

Export Support Company Search Subscription Application Instance List and Support Company Search Customers Tunnels List

1/ login in https://admin.company.com
2/ you can export those Lists using this endpoint

https://admin.company.com/admin/exports?from={LIST_Name}&type=excel&s=name&a=true&i=true

https://admin.company.com/admin/exports?from=exportSupportCompanySearchSubscriptionApplicationInstanceList&type=excel&s=name&a=true&i=true

https://admin.company.com/admin/exports?from=exportSupportCompanySearchCustomersTunnelsList&type=excel&s=name&a=true&i=true

Impact
none authorised access

Platform : Intigriti
Timeline :
Reported: 25/02/2023
Triaged: 03/03/2023
Accepted & paid: 06/03/2023
Bounty: €3,000
https://app.intigriti.com/profile/merroun