Background

Previously we discussed a Local File Inclusion bug at IKEA.com. The bug was quite complicated and showed us that you have to think outside the box in order to exploit it.

This time we will learn how a relatively simple and easy-to-spot bug can have a high impact: a potential leak of customer data.

Plenty of high-profile brands use Salesforce for their Customer Relationship Management (CRM); it’s perfect for customer care support. Furthermore, it’s really easy to implement their software on your own website by using their API.

IKEA.com

As mentioned in our previous bug report, IKEA is a nice brand with a proper responsible disclosure statement. So we’re safe to help them find bugs, maybe even in exchange for a reward. Time to search for bugs!

Finding targets

As always, we start with a search for interesting subdomains. A good start is to use Amass; it queries different publicly available data sets and gives you back a nice list of subdomains.

However, searching manually in different data sets is never a bad idea: search the social media accounts of the brand for interesting subdomains and URLs. Open Facebook.com, Twitter.com and LinkedIn.com, search for the brand name and for domain names, and see what you end up with.

IKEA Spain Tweet