First of all, don’t judge my excitement by the width of these letters. I will show you how I managed to get inside IITD’s database even when Sqlmap failed. I will outline all the triggers and how I validated my findings without any automated tools just via manual approach.
From time to time, I purposely stumble on IITs just because I want to bag them all, not just one. This time I thought, why not IITD, as it was in the second position on the NIRF useless table. I enumerated all the subdomains using subfinder. The ONLY tool that helped. Then I started to browse them manually.
By "one by one manually" I mean looking for patterns while browsing. I thoroughly search a subdomain, looking at its UI, JS files and all the clickables; then, if I find other similar subdomains, I fast-forward through them. It saves time.
I found a subdomain with an odd-looking login page. I tried basic creds and common SQLi payloads. Nothing worked. It had functionality to register as a non-member, as faculty, or as a foreigner. Usually these are for internal purposes, and after you fill in the form you actually can't register.
It had a long form. I was patient and filled it in. To my surprise, it sent a verification code to my mail.
very well.
After completing the verification, I got another link in my mail.