Recon in 2 minutes and got $250 easy
hi bug hunters,
Today I want to share how I recon to get $250 easy from snapchat.
I just open snapchat.com and view source code, nothing found there.
then the I search “snapchat” on Github:-
Content-Security-Policy: default-src ‘none’; script-src ‘self’ https://www.google-analytics.com; object-src ‘self’ blob:; frame-src ‘self’ blob:; style-src ‘self’ ‘unsafe-inline’; img-src ‘self’ https://www.google-analytics.com blob: data: https://www.snapchat.com/; connect-src https://v1-dot-scan-snapchat.appspot.com/ https://app.snapchat.com/; font-src https: data:; report-uri /csp_violations
Content-Type: text/html; charset=iso-8859–1 Date: Thu, 05 Oct 2017 10:55:56
GMT Server: Google Frontend Status: 200
I look at CSP and find domain “https://v1-dot-scan-snapchat.appspot.com”, I opened that domain in a browser which looks like
I just log in using my snapchat account and give a look at my cookies
my username was there without “secure flag”, I reported to snapchat and got $250 bounty within 2–3 hours.
the issue was fixed after 2 months
Note:- now cookies without flags are considered “out of scope”. Snapchat accepted that issue not all programs accept.