Hunting for bounties: antihack.me case study

0xSha
Nov 3 · 1 min read

Hello, luvs.

I planned to post this a long time ago, but I was busy building SMFD, so it took me a while. As I mentioned in an earlier post, these days I don’t hunt for bounties. I have my reasons, but that doesn’t mean you shouldn’t shoot for bounties. It can bring you a lot of freedom, money, and self-esteem, and it’s quite challenging and enjoyable. To make this post more helpful, I tried to find a case study, and I chose a bug bounty (security-aware) platform itself to prove my points. I’ll start with some general background and then jump into our case study.

Table Of Contents

Bug bounty: where should you start?

Antihack.me case study

#I RCE through chained vulnerabilities

#II Advanced XSS through DNS email spoof check

#III Session expiration and logic issue

#IV Admin email and information disclosures
