The Hidden Path to an HP Printer: A Real-World Discovery
The author found an unprotected HP printer admin page by directory brute-forcing; it could be opened directly to change network settings, add phone-book contacts, or cut the printer off the network. The report earned a $700 bounty. 2025-9-6 05:50:30 Author: infosecwriteups.com (view original) Reads: 11

Manav

Alright, so here’s a weird story from my adventures while doing bug bounty…
Hey guys, I hope you’re doing well! I’m back again with another interesting story. Today, I want to share how I discovered an HP printer’s admin page by doing basic directory brute-forcing. It looks like someone decided the printer should be open for all to access.

Grab your coffee, and let’s get started! 😉

The Discovery

It all started on a regular afternoon. I was watching YouTube, just passing the time, when an email from CyberBay showed up in my inbox. It mentioned that some new programs had been launched, so I thought, why not take a look? I started with some basic recon: I used WaybackURLs to find old archived paths, then ran Nuclei to check for any quick wins. Nothing came up. So I fired up Dirsearch and started brute-forcing directories, hoping to find something interesting. That’s when things took an unexpected turn: one hidden path caught my eye, and it wasn’t just any path.
I found myself staring at the unlocked admin page of an HP printer.

Digging Deeper: Access and Control

This is the URL that earned me a critical bug within minutes:
http://n119236249203.example.com/SSI/index.htm

When I first opened it, I wasn’t expecting much. It looked like a basic, boring link, nothing important. But as soon as the page loaded, I realized I was looking at something far more serious: the full admin panel of an HP printer.

No login, no warning, just open access to everything.
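The two steps above, brute-forcing paths and then confirming that the hit really is reachable with no login, are what an editor would want spelled out. The script below is an added example, not the author’s tooling and not Dirsearch: a minimal path prober with a pluggable fetch function, plus a `classify` step that separates a genuinely open 200 from a 401 challenge, a redirect to a login page, and a 200 that merely renders a login form. The host `printer.example.com`, the `FAKE_SITE` responses and the wordlist are constructed for the offline demo; only the `/SSI/index.htm` path comes from the write-up. `http_fetch` is a real standard-library fetcher (redirects deliberately not followed) for use against targets you are authorized to test.

```python
"""Offline directory brute-force with an unauthenticated-admin-page check.

Added example, not code from the original write-up. FAKE_SITE, BASE and
WORDLIST are constructed for the demo; only /SSI/index.htm is from the post.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable


@dataclass
class Response:
    status: int                                   # 0 means no HTTP answer at all
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects so a 302-to-login is reported as a 302."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_OPENER = urllib.request.build_opener(_NoRedirect)


def http_fetch(url: str, timeout: float = 5.0) -> Response:
    """Live fetch with the standard library; not used by the offline demo."""
    req = urllib.request.Request(url, headers={"User-Agent": "dirprobe/0.1"})
    try:
        with _OPENER.open(req, timeout=timeout) as r:
            return Response(r.status, dict(r.headers),
                            r.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:           # 3xx/4xx/5xx land here
        return Response(e.code, dict(e.headers), "")
    except (urllib.error.URLError, OSError):
        return Response(0)


def classify(resp: Response) -> str:
    """Verdict for one path: absent, auth-required, redirect, login-form, open, other-NNN."""
    hdrs = {k.lower(): v for k, v in resp.headers.items()}
    if resp.status in (0, 404):
        return "absent"
    if resp.status == 401 or "www-authenticate" in hdrs:
        return "auth-required"
    if resp.status in (301, 302, 303, 307, 308):
        return "redirect"                         # often a bounce to a login page
    if resp.status != 200:
        return f"other-{resp.status}"
    body = resp.body.lower()
    if "<form" in body and 'type="password"' in body:
        return "login-form"                       # 200, but it is only the login screen
    return "open"                                 # 200 and no auth challenge: review by hand


def brute_force(base: str, wordlist: Iterable[str],
                fetch: Callable[[str], Response]) -> Dict[str, str]:
    """Probe every wordlist entry under base and keep everything that is not absent."""
    found: Dict[str, str] = {}
    for entry in wordlist:
        url = base.rstrip("/") + "/" + entry.lstrip("/")
        verdict = classify(fetch(url))
        if verdict != "absent":
            found[entry] = verdict
    return found


# --- constructed stand-in for a printer's embedded web server (demo only) ---
BASE = "http://printer.example.com"               # hypothetical host
FAKE_SITE = {
    "/SSI/index.htm": Response(200, {"Content-Type": "text/html"},
                               "<html><title>Device Settings</title>"
                               "<a href='network'>Networking</a></html>"),
    "/admin": Response(302, {"Location": "/login"}),
    "/login": Response(200, {"Content-Type": "text/html"},
                       '<form method="post"><input type="password" name="pw"></form>'),
    "/api/": Response(401, {"WWW-Authenticate": 'Basic realm="device"'}),
}
WORDLIST = ["admin", "login", "backup", "api/", "SSI/index.htm"]


def fake_fetch(url: str) -> Response:
    """Serve the constructed responses; anything else is a 404."""
    return FAKE_SITE.get(url[len(BASE):], Response(404))


def run_demo() -> Dict[str, str]:
    return brute_force(BASE, WORDLIST, fake_fetch)


if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(f"{path:16s} {verdict}")
```

The point of `classify` is the reporting step: a bare 200 is not evidence on its own, because many devices answer 200 with a login screen, so only the `open` verdict (200 with no challenge and no password form) is worth opening in a browser to confirm what the page actually lets you do. Against real hosts, swap `fake_fetch` for `http_fetch` and stay inside the program’s scope.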


I just started exploring the admin panel and found that:

  • I was able to modify network settings, such as the DNS and IP configuration, which would let an attacker redirect the printer’s traffic through a network they control.

  • I was able to change the printer’s phone book, for example by adding extra contact names to the list.

  • An attacker could also disable all network connections, cutting the printer off completely and rendering it unusable.

Disclosure & Reward

I reported the issue to the platform, and the very next morning, I got an email saying the report was accepted and I was rewarded $700 for this finding.


Plus an extra $175 for retesting the issue. That’s when I realized even printers can pay you that much.



Source: https://infosecwriteups.com/the-hidden-path-to-an-hp-printer-a-real-world-discovery-4b05187a8271?source=rss----7b722bfd1b8d--bug_bounty