Pen-Test for Real Estate Marketing Platform

Conducted penetration testing on a real estate marketing platform to identify security vulnerabilities. The testing focused on web application, API endpoints, and server configurations. Discovered multiple vulnerabilities: 2 XSS vulnerabilities in the property search and contact forms, CVE-2017-7529 (HTTP Range Request Vulnerability) exposing sensitive content, SSRF through XML-RPC Pingback, and a DOM-based XSS in Swagger UI. The XSS vulnerabilities could lead to session hijacking and credential theft, while the SSRF vulnerability allowed unauthorized internal requests. The CVE-2017-7529 vulnerability could leak sensitive server files. The DOM XSS could allow attackers to execute scripts through Swagger UI query parameters. Provided detailed reports with PoC for each vulnerability, demonstrating their risk and potential business impact, including data exposure and reputational damage. Delivered recommendations for patching and securing the platform to prevent exploitation.