Hi There,

Renganathan here.

This Write-up is about how I made the United Nations hall of fame in 3 minutes.

And this is my first write-up / Blog on Medium.

Ps- I don’t know to use Medium.

I saw there was a vulnerability reporting program on United Nations (UN) so I decided to give it a try.

So just like any other hacker, I enumerated the subdomains of un.org but using virustotal.com

Yes, Sorry :(

I was not at home, I was in a restaurant. So I used my phone to enumerate subdomains with virustotal.com

I was giving a glance through the subdomains and one of them was git.unite.un.org. I clicked on that.

The plot twist was there was no authentication.

Then I was able to access so many source codes, drupal configurations, their projects (not opensource), and even credentials. I reported them immediately to [email protected]

TimeLine:

Dec 4, 2020- Reported
Dec 5, 2020- Case Number Assigned (Auto-generated email)

No update *crying_noise.mp3*

Jan 13, 2021- The bug was resolved and an authentication page was added. I was asked how my name has to appear on the page If I would like to get credit.

Jan 19, 2021- Name was updated in the hall of fame

Edit: I had a poor internet connection, So it took me 3 minutes. For you it will be 30 Seconds :P

Thanks for reading :)
Stay Safe!