Showing posts from 2018

How I got access to Fastly account of

Hey mates, hope you are all good. This is my first write-up, about how I gained access to a company's ( ) Fastly account. One day I got an email that is going to open source on GitHub. Previously I had found a critical account takeover bug in via stored XSS and got rewarded (write-up later). Since I have an account in that's why I received this mail. Now let's get started.

Email From

Now I was damn sure that there was something the developers had missed while making the project open source on GitHub. First I visited their GitHub project at  and started searching manually for secret keys, private keys and API keys. When searching for API keys I came across cache_buster.rb, which was leaking the Fastly API key like this:

with( headers: { "Fastly-Key" => "k 15177t3dctdg27138b03c737688c 84g " })

Don't waste your t