Doxbin - shkolo bg

  ____            _     _       
 |  _ \  _____  _| |__ (_)_ __  
 | | | |/ _ \ \/ / '_ \| | '_ \ 
 | |_| | (_) >  <| |_) | | | | |
 |____/ \___/_/\_\_.__/|_|_| |_|

Title:shkolo bg

Created:May 22nd, 2021

Created by: hnoob

Comments: 0

thumb_up0 thumb_down0

Username: Anonymous - (Login)

Submit Comment

Please note that all posted information is publicly available and must follow our TOS.

 
Domain: shkolo.bg
Subdomain(s): admin.shkolo.bg
              api.shkolo.bg
              hakni.shkolo.bg
TLD: bg
Main-subdomain: www
IPv4: 104.22.59.213 (CF)
Vulnerability: CF Bypass
------------------------
Exploitation:
A needed query is needed to bypass the actual CF Access Permissions. For an
example in specific subdomains, directories will return you code ERROR 1006,
which in CF, means Access Is Denied, to bypass this you need to use query
protocol://subdomain.example.tld/
Which will be 
Scheme: https://
https://admin.shkolo.bg/? <~, and that will clearly bypass it.
This is 0 DAY Vulnerability!
Use it with cautions! DO NOT PUBLISH THIS POST ANYWHERE, IF YOU KNOW WHAT YOU ARE DOING! 
I am Hnoob, from Th3HeadHunter. We are Bulgarian noob group.
Shkolo, If you want, seeing this, contact us here - fire-hnoob-support-thehead@protonmail.ch
--------------------------------------------------------------------------------------------
Whistleblowers always are getting involved for something after that!
Please, do not share it . . . . . . .. . . . . !
If you share It to someone - teacher or someone else. You will be involved in this, and whatever happens - the fault will be yours!
When you share It to teacher or to the support team of SHKOLO - this post will be shared everywhere and the date + when you uploaded the Vulnerability!
You agree with all TOS of this vulnerability! DO NOT SHARE IT!
============================================================================================
GOOOOOOOOOOOOOOOOOODBYEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE===