Company’s Zendesk subdomain led to hidden access.
Introduction:-
Hi guys!
My name is Himanshu Pdy, and I am a security researcher. This is my second blog :)
Let’s start without any delay.
About the issue:-
Here is my new, unique writeup on an issue that I recently found.
I have never seen such an issue before, so I thought of writing it down.
BUG :- Company’s Zendesk subdomain led to hidden access.
Let's begin,
Usually a support portal doesn’t show any signup or signin option,
so I started doing some basic recon and found a subdomain, xyz.zendesk.com, which I found interesting because it had a signup option.
I thought it would only work for employees, but I was WRONG. I was able to sign up successfully.
But after signing in, it just showed a blank page. I even tried dirsearch and dirb but found nothing.
So I thought of looking at the source code, which showed a link to a JS file.
After some tries I found that it redirected me to the support portal of the company, i.e. support.xyz.com.
I thought something was wrong, but after looking closely, I realized that I had found a hidden way to log in to the support portal.
I thought it was the normal support portal that a user sees after signing in to their account.
But wait: I tried to sign in as a normal user and it said the email ID was not registered.
That means I had registered on a hidden part of the company’s portal which should only be accessible to employees, or idk for whom.
I reported this issue, but they have support.xyz.com out of scope, so this bug was marked as informative.
BAD LUCK 🙂🙂🙂.
Hope you learned something new from this. Sometimes an external vulnerability can lead to an issue in an internal, hidden and important feature.
Be safe during this quarantine (COVID situation). 🙂🙂🙂🙂