Hello my Medium friends. In this article, I'll share a little story about how I accidentally discovered exposed data on one of my assets (subdomain) at ferrari.com. Okay, let's get straight to the point.

Little History:

I've given up on my attempts to find a loophole I can get into. Starting with dorks, analyzing request-response headers in each subdomain, looking for hidden files from the old archives, all of them did not produce anything. When I started to get desperate, I checked my GitHub account again and surfed around. And I found in my browser search that I myself had been looking for tools to scan assets that did not hide sensitive files. And what is that? Yep, that's right. dirsearch XD https://github.com/maurosoria/dirsearch

Steps to Reproduce:

  • Prepared and studied several commands on the tool so that I got the final result for the command that suited my exploration: dirsearch --url-file=subdomain.txt --thread=10 --include-status=200 --http-method=GET

PoC:

  • Don't forget to save all active Ferrari subdomains in one file, subdomain.txt
  • And the scanning process continues until I get results like this on 2 subdomains
[Image: first asset]
[Image: second asset]
  • To see whether the results are false positives or not, I use two methods: the first with the curl command, and the second directly in the browser. And gotcha... I got this...
[Image: using curl command]
[Image: access via browser]
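
The false-positive check described above can be automated when auditing your own subdomains. The following is an added example, not code from this article or from dirsearch: it compares each HTTP 200 hit against the response the same host gives for a random, nonexistent path, so catch-all pages ("soft 404s") are separated from real exposures. The function names, hosts, paths and response bodies are constructed for illustration.

```python
"""Triage HTTP 200 hits from a content-discovery scan (added example)."""
from difflib import SequenceMatcher

def similarity(a: str, b: str) -> float:
    # 1.0 means identical bodies, 0.0 means nothing in common.
    return SequenceMatcher(None, a, b).ratio()

def triage(hits, baselines, threshold=0.9):
    """hits: dicts with host, path, body (already filtered to HTTP 200).
    baselines: host -> (status, body) returned for a random, nonexistent path.
    Returns a list of (host, path, verdict) tuples."""
    results = []
    for hit in hits:
        base_status, base_body = baselines[hit["host"]]
        if not hit["body"].strip():
            # A 200 with no content proves nothing; re-check by hand.
            verdict = "inconclusive-empty"
        elif base_status == 200 and similarity(hit["body"], base_body) >= threshold:
            # Host answers 200 for anything and this hit looks like that page.
            verdict = "soft-404"
        else:
            verdict = "confirmed"
        results.append((hit["host"], hit["path"], verdict))
    return results

# Constructed sample data (not taken from the article).
CATCH_ALL = ("<html><head><title>Site</title></head><body>Page /{} "
             "not found</body></html>")
BASELINES = {
    "a.example.com": (200, CATCH_ALL.format("zz9x1q7")),  # catch-all host
    "b.example.com": (404, "Not Found"),                  # honest 404 host
}
HITS = [
    {"host": "a.example.com", "path": "/old.zip",
     "body": CATCH_ALL.format("old.zip")},
    {"host": "a.example.com", "path": "/config.bak",
     "body": "DB_HOST=db.internal.example\nDB_USER=app\n"},
    {"host": "b.example.com", "path": "/config.bak",
     "body": "DB_HOST=db.internal.example\nDB_USER=app\n"},
    {"host": "b.example.com", "path": "/empty.txt", "body": "  \n"},
]

if __name__ == "__main__":
    for host, path, verdict in triage(HITS, BASELINES):
        print(f"{host}{path}: {verdict}")
```
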

Timeline & Bad Ending

  • March 4, 2025: sent report to Ferrari Disclosure
  • March 6, 2025: they replied to my message
  • April 18, 2025: I checked the subdomain and it turns out the vulnerability has been fixed and Ferrari didn't say anything to me XD
[Image: issue fixed]
[Image: im shout XD]

That's all, and happy reading.

https://www.youtube.com/Cyber Kenma