Type your comment> @gbyolo said:
I think it’s time to give some hints about the initial foothold.
As I could understand by talking to some of you on social channels, the “obvious” vulnerability everybody is talking about is correct, however you are all missing some important information to correctly exploit it.
Try to use a different wordlist to find something useful in the web app. Maybe some developer left traces of a changelog!
Well consider me truly bamboozled. After many hours of trying the obvious path I see this post, and spend quite a few more hours throwing different wordlists from seclists/dirb/dirbuster/wfuzz at the site. Full recursion, .log, .txt, .conf, .html, .php extensions and nothing. The only changelogs found were in /v***/s***/*/c***. They don’t seem to be useful.