WhatsApp Admin Panel Takeover: https://translate-dev.whatsapp.com

Old write-up: https://immukul.blogspot.com/2017/04/facebook-bypassing-prohibit-embedding.html

DESCRIPTION:-

Hi all,

This post is about a vulnerability that I found on the WhatsApp translate website which can lead to exposing users' email IDs. I was also able to approve translations.

The fun part is that I got the e-mail IDs of WhatsApp founders Brian Acton and Jan Koum too.

One day I was going through the website / and I tried to find subdomains of . I found a bunch of subdomains; there was a domain / which redirects to .

POC:-

I have an account on site. So I tried to log in to my account on site, and a pop-up message said Bad credential.

After that I figured out that both and website are different.

Then I just entered

USERNAME:- admin PASSWORD:- admin

And I successfully logged in to the admin panel.
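On the defensive side, the finding above (a dev instance that still accepted admin / admin) is the kind of thing a startup or CI gate can catch before the host is reachable. The following is an added example, not code from the original post or from WhatsApp; the record layout (PBKDF2-SHA256 with a per-user salt), the default-pair list and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed list of well-known defaults; admin/admin is the pair from the write-up.
DEFAULT_PAIRS = [("admin", "admin"), ("admin", "password"),
                 ("root", "root"), ("root", "toor")]
ITERATIONS = 100_000  # assumed work factor for this hypothetical user store


def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(username, password):
    """Build a stored-account record in the assumed layout."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "iterations": ITERATIONS,
            "hash": hash_password(password, salt)}


def weak_accounts(records):
    """Return sorted usernames whose stored hash matches a default password
    or the username itself (e.g. admin/admin)."""
    default_passwords = {pw for _, pw in DEFAULT_PAIRS}
    flagged = set()
    for rec in records:
        for candidate in default_passwords | {rec["username"]}:
            digest = hash_password(candidate, rec["salt"], rec["iterations"])
            if hmac.compare_digest(digest, rec["hash"]):
                flagged.add(rec["username"])
                break
    return sorted(flagged)


def deployment_gate(records):
    """Refuse to start (or fail CI) while any default credential remains."""
    bad = weak_accounts(records)
    if bad:
        raise RuntimeError("default credentials still set for: " + ", ".join(bad))
    return True


# Constructed sample user store for a dev/staging instance.
SAMPLE = [make_record("admin", "admin"),
          make_record("translator1", "c0rrect-horse-battery-staple"),
          make_record("root", "toor")]

if __name__ == "__main__":
    print("accounts with default credentials:", weak_accounts(SAMPLE))
```

Running the same gate against dev and staging user stores matters most, since those are the environments where seeded accounts tend to survive.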
