Pen-Testing of an Automobile Accessory Designing Portal - Cyber Security Case Study
The company contacted us to perform a web VAPT. Because it was a live environment, we were not allowed to perform DoS attacks and the scope was limited. Even so, the exercise resulted in high-, medium- and low-severity issues.
The provided environment was live, and a black-box methodology was applied to it. We ran a low-intensity automated scan to avoid any harm to the live environment and its users. A manual approach was chosen for exploitation.
We found a combination of serious vulnerabilities in the web server and the application code. The web server was outdated and was therefore exploitable with publicly available exploits. Once we had access to the server, we found directory traversal and unrestricted file upload, using which we were able to gain unauthorized access to approximately "Yearly 3M$ worth automobile part films", which was saved.