Responsible Disclosure

Extract all users' emails ending with (@company.com), with names, from the DB of company users

Merroun Lahcen — DevSecure. Published 6 months ago

Hi, I'm Merroun Lahcen from DevSecure — we specialize in uncovering hidden vulnerabilities that pose real-world risks to modern web applications.


All vulnerabilities shared in these write-ups are fully redacted — any company names, domains, or sensitive details are replaced with placeholders such as company.com. Each finding was responsibly disclosed through the Intigriti platform and has been verified and resolved by the affected vendor.


Every post represents our commitment to ethical hacking, responsible disclosure, and continuous learning — helping organizations strengthen their defenses while contributing to a safer global cybersecurity ecosystem.

I found a method to get all emails with @company.com in the company admin DB. The method has 2 steps, after logging in as admin:

1/ Go to this endpoint with a PUT request: admin.company.com/admin/services/user/settings

[{"idUser":Here_Company_User_Id,"validToDate":"2023-03-06T00:00:00.000Z","operation":"1"}]

With Intruder you could do this and extract all of them. Just for proof of concept, this is a list of valid ids which I found: 1 2 19 20 ... 824050, which you could use, and you can download the attached file, from which you can get more idUsers of @company.com emails.

2/ Go to this endpoint and you will get the emails with first and last names: admin.company.com/admin/user/settings/userlist?usersWithNoRole=false

Impact: information disclosure
Platform: Intigriti
Timeline:
Reported: 05/03/2023
Triaged: 07/03/2022
Accepted & paid: 07/03/202
Bounty: €1,000
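The root cause in the report above is that the settings endpoint acts on whatever idUser the client sends, so an admin of one tenant can touch users of every tenant and then read them back from the listing endpoint. As an added example, not the vendor's code or the author's, the following Python contrasts that pattern with a tenant-scoped version on the same [{"idUser", "validToDate", "operation"}] payload shape; the in-memory user table, the tenant column and the function names are assumptions.

```python
from datetime import datetime

class Forbidden(Exception):
    """Raised when a batch references a user outside the caller's tenant."""

def _parse_iso(ts):
    # fromisoformat on older Pythons does not accept a trailing "Z"
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def make_users():
    # Constructed sample table (assumption); the tenant column is what the hardened check keys on
    return {
        1:  {"tenant": "company.com",   "email": "alice@company.com"},
        2:  {"tenant": "company.com",   "email": "bob@company.com"},
        19: {"tenant": "other.example", "email": "carol@other.example"},
    }

def update_vulnerable(users, admin_tenant, payload):
    """Trusts idUser as sent: any id that exists is modified, whatever its tenant.
    admin_tenant is accepted but never consulted, which is the bug."""
    touched = []
    for item in payload:
        user = users.get(item["idUser"])
        if user is None:
            continue
        user["validToDate"] = _parse_iso(item["validToDate"])
        touched.append(item["idUser"])
    return touched

def update_hardened(users, admin_tenant, payload):
    """Checks every id against the caller's tenant before touching anything.
    Unknown and foreign ids fail identically (no existence oracle), and the
    batch is all-or-nothing so a mixed payload leaves no partial changes."""
    for item in payload:
        user = users.get(item["idUser"])
        if user is None or user["tenant"] != admin_tenant:
            raise Forbidden("batch references a user outside your tenant")
    touched = []
    for item in payload:
        users[item["idUser"]]["validToDate"] = _parse_iso(item["validToDate"])
        touched.append(item["idUser"])
    return touched

def userlist(users, admin_tenant):
    """The listing endpoint filters by tenant too, never by 'rows touched earlier'."""
    return sorted(u["email"] for u in users.values() if u["tenant"] == admin_tenant)
```

A mixed batch against the hardened handler is refused outright, so ids from another tenant cannot be pulled into the caller's view one request at a time.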