Mukul Lohar
Mar 1, 2020

Whats App Admin Panel Takeover : https://translate-dev.whatsapp.com

old write-up : https://immukul.blogspot.com/2017/04/facebook-bypassing-prohibit-embedding.html

DESCRIPTION:-

Hi all,

This post is about vulnerability that i found on whatsapp translate website which can leads to expose users email id. I was able to approve translation also.

Fun part is that i got E-mail ids of whatsapp founders Brian Acton and Jan Koum too.

One day i was going through website https://dnsdumpster.com/ and i tried to find subdomains of https://whatsapp.net. I found bunch of sub domains, there was domain https://tsl102.whatsapp.net/ which redirects to https://translate-dev.whatsapp.com .

POC:-

I have an account on https://translate.whatsapp.com site. So i tried log in into my account on https://translate-dev.whatsapp.com site, and pop up message that Bad credential.

After that i figured out both https://translate.whatsapp.com and https://translate-dev.whatsapp.com website are different.

Then just entered

USERNAME:- admin PASSWORD:- admin

And successfully logged in to admin panel.