Hello all! So, I stumbled upon something semi-interesting, I am just trying to figure out a better way to enumerate and see if I get anymore information:
Sending the below request:
GET /v1/invite-stats-by-invitee/WlUjMu/ HTTP/1.1
Host: api.hostdomain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 26 Jul 1997 05:00:00 GMT
Origin: https://hostdomain.com
DNT: 1
Connection: close
Referer: https://hostdomain.com/?i=WlUjMu
Responds with:
{"url":"https://api.hostdomain.com/v3/invite-stats-by-invitee/WlUjMu/","fullname":"First and Last Name","user":{"picture":"https://api.hostdomain.com/userprofile-image/11761/","first_name":"Firstname"},"key":"WlUjMu","send_reminders":true,"extras":"{}"}
The WlUjMu
is the value from a JSON âkeyâ parameter; however, I need to find a way to enumerate that string. I sent the domain with the /userprofile-image/11761
to Intruder and Iâm getting valid information by finding user profile pics; however, I canât associate those IDâs with their respective JSON âkeyâ parameter to get more information on those users. It does not appear to be Base64 and Intruder is not working the way I intended it to. Is this a red herring or would this be something valid to continue to pursue? If so, is there an easier way to enumerate a string such as that in Intruder (or another way)? I have been frying my brain here and I think Iâm looking too deep into it.