Member-only story
Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of INDIA).
Hi, everyone
My name is Santosh Kumar Sha, I’m a security researcher from India(Tinsukia, Assam). In this article, I will be describing how I was able to access million of startup register details by SSRF AWS metadata exploitation.
I am now offering 1:1 sessions to share my knowledge and expertise:
SPECIAL COVID-19 Note:
As pandemics is not over. Please follow covid norms as we how devastating it was, So please take care of yourself and your surround individuals. Special request to my fellow bug-bounty hunter Take care of your health .
TOOLS used for the exploitation
1. Subfinder (https://github.com/projectdiscovery/subfinder)
2. httpx (https://github.com/projectdiscovery/httpx)
3. gau(Corben) — https://github.com/lc/gau
4. waybackurls(tomnomnom) — https://github.com/tomnomnom/waybackurls.
What is Startup India Government program:
Startup India is an initiative of the Government of India. The campaign was first announced by Indian Prime Minister, Narendra Modi during his speech in 15 August 2015. The action plan of this initiative is focusing on three areas: Simplification and…
