Hey Hello, Security guys & Hacker Thank you for your support.
I Consider a Company example.com due to company policy.
Frist Know about, Sensitive Data Exposure or Cryptographic Failures in 2021
https://owasp.org/Top10/A02_2021-Cryptographic_Failures
How do I find this bug in Just 2 Minutes?
In My recon, I am Using Google Pentest Tool for Dork to find a Sensitive Data Exposure, login, and signup page.
Example.com I search in Google Pentest Tool and, Logfile exposed.
Using this google dork site:example.com ext: log which means site,
example.com contain any extension which using log they will show logfile.
Then I find Sensitive Data Exposure which leads to full path discloser.
Then create POC and send it to the team after 5 months are the company this bug is fixed.
Tip: Also Use Try to make your own google dork it will help you.
Hope you guys are enjoying my write-up follow me and share it.
Thank You for your Support
Bye