My First Bug Bounty Reward: $100 in 5 min

Qchad
2 min read · Jan 8, 2023

Hello everyone,

My name is Arrhenius Angi Paelongan, you can call me Nius or Qchad :D. This is the story of how I found a bug on a website and received my first bug bounty prize.

So, long story short: my friend recommended a program to me, and without thinking I immediately decided to take a look at it. Let's call it redacted.com.

Here we go...

I started my recon by first enumerating the program's subdomains with Subfinder.

Then I used Wappalyzer to see which technologies each domain was running. You can install its extension in your own browser; here I am using Google Chrome.

After that, Wappalyzer showed me that one of the subdomains, login.redacted.com, was using Google Maps. I immediately searched its source code for a leaked Google Maps API key, and I found one. Next I needed to check whether the key was vulnerable (i.e. unrestricted, so anyone can use it) using an online Google Maps API Key Checker. You can also use terminal tools such as gmapsapiscanner by ozguralp. And BOOM, it's vulnerable!

Not satisfied with just that, I tried other methods. I fed the subdomains I had collected with Subfinder into httpx to check which of them were alive and which were dead.

I then ran the live subdomains through Nuclei, a template-based vulnerability scanner, to look for known issues.

Using Nuclei, I found an exposed backup file named wp-config.php.bak that contained sensitive information such as database credentials. I also found a reflected XSS.
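Both of the issues above (a stray wp-config.php.bak left in the web root, and a Google Maps API key hardcoded in client-side source) are things a site owner can catch before a scanner does. The following is an added example, not code from the original post or from any of the tools mentioned: a small pre-deployment check that walks a web root, flags backup copies of sensitive config files, and greps client-side assets for Google API key patterns. The sensitive-file names, backup suffixes, the sample tree and the placeholder key are all constructed for illustration.

```python
"""Pre-deployment check for two exposure classes: stray backup copies of
sensitive config files, and hardcoded Google API keys in client-side assets.
Added example; the file lists and sample data below are constructed."""
import re
import tempfile
from pathlib import Path

# Config files that must never be served, and suffixes that editors, backups
# and deploy scripts commonly leave behind next to them (constructed lists).
SENSITIVE_BASENAMES = {"wp-config.php", ".env", "config.php", "settings.php", "database.yml"}
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", ".txt", ".zip", ".tar.gz", "~")

# Google API keys are 39 characters long and start with "AIza".
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")
CLIENT_ASSET_EXTS = {".html", ".htm", ".js", ".json", ".map"}


def backup_of_sensitive(name: str) -> bool:
    """True if `name` looks like a backup copy of a sensitive config file."""
    for base in SENSITIVE_BASENAMES:
        if name == base:
            continue  # the live file itself is expected in the web root
        if name.startswith(base) and name[len(base):] in BACKUP_SUFFIXES:
            return True  # e.g. wp-config.php.bak, .env.old, config.php~
        if name == "." + base + ".swp":
            return True  # vim swap file left behind while editing
    return False


def scan_webroot(root: str) -> dict:
    """Walk `root`; return {'backups': [relpath, ...], 'keys': [(relpath, key), ...]}."""
    findings = {"backups": [], "keys": []}
    root_path = Path(root)
    for path in root_path.rglob("*"):  # pathlib's glob also matches dotfiles
        if not path.is_file():
            continue
        rel = path.relative_to(root_path).as_posix()
        if backup_of_sensitive(path.name):
            findings["backups"].append(rel)
        if path.suffix.lower() in CLIENT_ASSET_EXTS:
            text = path.read_text(errors="ignore")
            for match in GOOGLE_API_KEY_RE.finditer(text):
                findings["keys"].append((rel, match.group(0)))
    findings["backups"].sort()
    findings["keys"].sort()
    return findings


def build_sample_webroot() -> str:
    """Constructed sample tree mirroring the write-up's findings (not real data)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    fake_key = "AIza" + "X" * 35  # constructed placeholder, not a real key
    files = {
        "wp-config.php": "<?php define('DB_PASSWORD', 'placeholder'); ?>",
        "wp-config.php.bak": "<?php define('DB_PASSWORD', 'placeholder'); ?>",
        "index.html": f'<script src="https://maps.googleapis.com/maps/api/js?key={fake_key}"></script>',
        "static/app.js": "console.log('no secrets here');",
        ".env.old": "DB_PASS=placeholder",
    }
    for rel, content in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return root


if __name__ == "__main__":
    result = scan_webroot(build_sample_webroot())
    for rel in result["backups"]:
        print(f"[backup file] {rel} should not be deployed")
    for rel, key in result["keys"]:
        print(f"[api key] {rel} embeds {key[:8]}... (verify it is referrer-restricted)")
```

Run it as part of a CI step or a pre-deploy hook and fail the build on any finding. A backup file belongs outside the document root (or in the deploy script's exclude list), and a web server rule that denies requests for `*.bak`, `*.old` and similar names is a cheap second layer. A Maps key that must live in the page is not a secret by itself; the fix the checker in the post is really testing for is restricting the key to the site's HTTP referrers and to the specific Google APIs it needs, so that a copied key is useless elsewhere.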

I then contacted the owner of the program, wrote up a report of my findings and sent it to them. They responded well and confirmed that my findings were valid. Two weeks later, they contacted me again and awarded me $100.

I was like, yeah, finally! After working so long and collecting so many duplicates, I had finally earned my first bounty.

So, thanks a lot for reading till the end. I hope you found this article interesting. Cya!
