How I Became an Accidental Admin and Almost Got Fired (From Someone Else’s Company)
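A security tester found a vulnerability while testing the HR platform PeopleFlow and unexpectedly gained access to sensitive information such as company salaries and Social Security numbers, exposing potential security risks in enterprise systems. 2025-10-17 09:49:20 Author: infosecwriteups.com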

Iski

Hey there!😁

You know that feeling when you accidentally get added to the wrong group chat and suddenly you’re reading about Brenda’s cat’s dental surgery? Yeah, this was like that, but instead of cat photos, I got access to everyone’s salaries, Social Security numbers, and the keys to the entire company kingdom. All because someone forgot to check if I was actually invited to the party. 🎉

It all started when I was testing a fancy new HR platform called “PeopleFlow.” I had a basic user account with about as much power as a soggy paper towel. But sometimes, even soggy paper towels can short-circuit the whole building if you know where to poke…

Act 1: The Humble Beginning — Just a Regular Joe 👨‍💼

After my usual recon dance (you know the drill by now — subfinder, httpx, the usual suspects), I found PeopleFlow's main application. I created a test account and poked around. The interface…


Source: https://infosecwriteups.com/how-i-became-an-accidental-admin-and-almost-got-fired-from-someone-elses-company-82e7b0acdb8b?source=rss----7b722bfd1b8d--bug_bounty