Hey fellow hackers and bug hunters,
Bug Name: Error message discloses the source code of the website.
Severity: Low
On the Google Bug Hunters website, Google provides the targets to hunt. So I chose the target called “*.onduo.com”. At first glance, Onduo does not have much functionality to test. Then I did a directory brute force, but it also ended up in vain.
I gathered all the subdomains of onduo.com using Subfinder. I don’t know why I clicked the subdomain called “develop.onduo.com”, and it is the same as the main website. When I go to “www.onduo.com/blahblah” it ends up at the 404 page, and I thought this would also be the same for “develop.onduo.com/blahblah”. But when I visit develop.onduo.com/blahblah it discloses a “template not found” error message with some source code of the website.
I reported this to Google on Oct 27, 6 AM. I thought Google would close this report as NA/duplicate. But they replied, “I’ve filed a bug with the responsible product team based on your report.”
This is my first Google bug that was accepted, after reporting 6 reports.
Thank you for reading this writeup.
Follow me for more bug hunting writeups.
Follow me on Instagram : https://www.instagram.com/ram_0x_infosec/
Connect with me on LinkedIn: https://www.linkedin.com/in/ram0xinfosec/