Manish's Blog

How I Earned $500 In 2 Hours

Tue Jul 23 2024

How I Earned a $500 Bug Bounty for Finding a Vulnerability

The thrill of the hunt is often as rewarding as the prize itself. Recently, I experienced this firsthand when I earned a $500 bounty for discovering a significant bug. Here's a detailed account of my journey from identifying the bug to claiming the reward.

Getting Started

My interest in bug bounty hunting was sparked when I was just 15 years old, by the growing number of opportunities available for ethical hackers. Companies worldwide offer bounties to individuals who can find and report security vulnerabilities in their systems. The first step in my journey was to find a suitable program. I chose a well-known platform, HackerOne, that connects security researchers with companies looking to improve their security.

Selecting the Target

I browsed through the list of available programs. I selected a company that had a history of rewarding researchers fairly and had a wide scope of applications to test. This company had an extensive web application with multiple features and integrations, providing potential vulnerabilities.

Reconnaissance and Information Gathering

Before diving into active testing, I spent a considerable amount of time in the reconnaissance phase. This involved gathering as much information as possible about the target:

  1. Subdomain Enumeration: I used tools like Sublist3r and Amass to identify all the subdomains associated with the main domain.
  2. Port Scanning: Nmap helped me discover open ports and services running on the target's servers.
  3. Directory Bruteforcing: DirBuster and Gobuster were useful in identifying hidden directories and files.

Identifying the Vulnerability

After compiling my initial findings, I started the actual testing. One of the first things I checked for was common web vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF).

During my testing, I discovered an endpoint that handled user input without proper sanitization. By manipulating the input, I was able to execute arbitrary JavaScript code in the context of another user. This vulnerability, known as Stored XSS, could allow an attacker to steal session tokens, perform actions on behalf of the victim, and potentially compromise sensitive information.

Verifying the Vulnerability

Once I identified the vulnerability, I needed to verify it in a controlled manner. I created a proof-of-concept (PoC) that demonstrated how an attacker could exploit the flaw. My PoC involved injecting a script that would capture the session token of any user who visited the affected page.
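An added example, not part of the original post: the unsanitized-output pattern described under Identifying the Vulnerability next to an output-encoded version, plus the cookie and Content-Security-Policy settings that limit the session-token exposure described here. The comment object, function names and cookie name are assumptions; the post does not describe the target's code or stack.

```javascript
// Constructed sample: a stored comment whose body contains markup (harmless marker).
const storedComment = { author: "mallory", body: "<script>alert(1)</script>" };

// Encode the characters that let data break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  if (value === null || value === undefined) return "";
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored input is concatenated into the page as-is,
// so markup in the comment becomes markup in every visitor's page.
function renderCommentUnsafe(c) {
  return `<li><b>${c.author}</b>: ${c.body}</li>`;
}

// Hardened pattern: every stored field is encoded at output time,
// so the browser displays the markup as text instead of parsing it.
function renderCommentSafe(c) {
  return `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`;
}

// Defence in depth: HttpOnly keeps the session cookie unreadable from page script,
// which limits what a missed injection can reach.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Second layer: a policy without 'unsafe-inline' stops injected inline scripts from running.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Regression check a test suite can run over rendered output.
function hasRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe:", renderCommentUnsafe(storedComment));
console.log("safe:  ", renderCommentSafe(storedComment));
console.log("Set-Cookie:", sessionCookieHeader("sid", "constructed-session-id"));
console.log("Content-Security-Policy:", cspHeader());
```

Encoding at output time is the primary fix; the cookie flags and policy reduce impact if an unencoded sink is missed elsewhere.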

Reporting the Bug

With my PoC ready, I documented the entire process, including:

  • Steps to Reproduce: A detailed, step-by-step guide on how to trigger the vulnerability.
  • Impact Assessment: An explanation of the potential damage and risks associated with the vulnerability.
  • Mitigation Suggestions: Recommendations on how the company could fix the issue.

I submitted my report through the platform’s bug submission form, ensuring I provided all necessary details.

The Wait

After submitting my report, there was a period of waiting while the company's security team reviewed my findings. This can be an anxious time for bug hunters. Communication with the security team can help clarify any questions they might have and expedite the verification process.

The Reward

A week later, I received an email from the HackerOne security team acknowledging the vulnerability and thanking me for my efforts. They confirmed that my report was valid and that they had implemented a fix. They awarded me a $500 bounty for my discovery.

Conclusion

Earning a $500 bounty was not just about the money (of course it's about money), but the satisfaction of knowing I had helped improve the security of an application means a lot.
