Recon in 2 minutes and got $250 easy

Hi bug hunters,

Today I want to share how I did recon to get an easy $250 from Snapchat.

I just opened snapchat.com and viewed the source code; nothing found there.

Then I searched “snapchat” on GitHub:

which is:

Content-Length: 4930
Content-Security-Policy: default-src 'none'; script-src 'self' https://www.google-analytics.com; object-src 'self' blob:; frame-src 'self' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com blob: data: https://www.snapchat.com/; connect-src https://v1-dot-scan-snapchat.appspot.com/ https://app.snapchat.com/; font-src https: data:; report-uri /csp_violations
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 05 Oct 2017 10:55:56 GMT
Server: Google Frontend
Status: 200
X-Cloud-Trace-Context: ef034d44a160ba53e09ed585e69745af

I looked at the CSP and found the domain “https://v1-dot-scan-snapchat.appspot.com”. I opened that domain in a browser, which looks like

I just logged in using my Snapchat account and took a look at my cookies.

My username was there without the “secure flag”. I reported it to Snapchat and got a $250 bounty within 2–3 hours.

The issue was fixed after 2 months.

Note: cookies without flags are now considered “out of scope”. Snapchat accepted that issue; not all programs do.
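
A site owner can catch the kind of cookie described above before it ships. The following Python script is an added example, not code from the original post: it audits the Set-Cookie values of a response for a missing Secure flag and related attributes. The cookie names, values and domain in the sample are constructed.

```python
# Added example: audit Set-Cookie values for missing security attributes.
# The sample headers are constructed; names and values are hypothetical.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attr keys lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header_value):
    """Return (cookie name, list of findings) for one Set-Cookie value."""
    name, _value, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable from JavaScript")
    if "samesite" not in attrs:
        findings.append("missing SameSite: browser default applies")
    elif attrs["samesite"].lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: rejected by modern browsers")
    # The __Host- name prefix is only honoured with Path=/ and no Domain.
    if name.startswith("__Host-") and (attrs.get("path") != "/" or "domain" in attrs):
        findings.append("__Host- prefix requires Path=/ and no Domain")
    return name, findings


def audit_response(set_cookie_values):
    """Map cookie name -> findings for every Set-Cookie value of one response."""
    return dict(audit_cookie(v) for v in set_cookie_values)


# Constructed sample: Set-Cookie values of one login response.
SAMPLE = [
    "username=example_user; Path=/; Domain=.example.com",
    # The value contains the word "secure"; only a real attribute counts.
    "session=abc123secure; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Host-csrf=tok; Path=/app; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for cookie, problems in audit_response(SAMPLE).items():
        print(cookie, "->", problems or "ok")
```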