How my recon won $250 in 15 minutes

Hein Thant Zin
Sep 12 · 2 min read

Hi there again,

I’m Hein Thant Zin, just a noob bug hunter. Today, I’m going to share how recon helped me find an easy bug in a HackerOne private program.

The story began when I was awarded my first bounty. I was really motivated to hunt for more bugs on H1, so when I got a private invitation I checked it out.

Sadly, there were only 2 domains in scope for their program.

Let’s say the program’s name is http://reacted.com

The scope domains are:

http://app.reacted.com

http://api.reacted.com

Alright, I was testing for some common bugs like CSRF, XSS and other logic bugs in the main app domain, but I didn’t find anything because it had already been tested by other experienced hackers, so you know there was very little chance for me to find a valid bug there.

The next day, I remembered to do some recon for the program. So I went through GitHub and checked all their repositories. Suddenly, I found a payment API endpoint in their repo.

https://api.reacted.com/authorize?scope=payments&client_id=12345&redirect_uri=https://app.reacted.com

As you can see, the redirect_uri parameter looks interesting.

I changed https://app.reacted.com to http://google.com

Open redirect? Nah… I got a bad request response with a 400 status.

Then I tried to bypass it, and the following URL successfully bypassed the check and redirected to the site.

https://api.reacted.com/authorize?scope=payments&client_id=12345&redirect_uri=https://google.com

I also tested for SSRF and XSS but failed. So I reported the bug and they rewarded me $250 for this simple open redirect bug.
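The two responses above (400 for http://google.com, a redirect for https://google.com) are what you get when an authorize endpoint validates only the scheme of redirect_uri instead of matching it exactly against the URIs registered for the client. The following is an added example, not code from the post or the program: it models that scheme-only check beside an exact-match check and runs both over the post’s URLs (the registered redirect list and the look-alike host are constructed assumptions).

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: redirect URIs registered per client_id (the post's client_id is 12345).
REGISTERED_REDIRECTS = {"12345": {"https://app.reacted.com"}}

def weak_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Scheme-only check, modelled on the behaviour seen in the post:
    http://google.com is refused, but any https:// destination is accepted."""
    return urlsplit(redirect_uri).scheme == "https"

def strict_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Exact string match against the client's registered redirect URIs
    (the OAuth 2.0 Security BCP recommendation); no prefix or host-suffix matching."""
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())

def authorize(url: str, redirect_ok) -> int:
    """Decide what /authorize answers: 302 to redirect_uri if the check passes,
    400 otherwise (the two responses described in the post)."""
    qs = parse_qs(urlsplit(url).query)
    client_id = qs.get("client_id", [""])[0]
    redirect_uri = qs.get("redirect_uri", [""])[0]
    if not client_id or not redirect_uri:
        return 400
    return 302 if redirect_ok(client_id, redirect_uri) else 400

# The three URLs from the post, plus a constructed look-alike host that a
# host-suffix ("ends with reacted.com") check would also wrongly accept.
BASE = "https://api.reacted.com/authorize?scope=payments&client_id=12345&redirect_uri="
CASES = [
    BASE + "https://app.reacted.com",
    BASE + "http://google.com",
    BASE + "https://google.com",
    BASE + "https://app.reacted.com.lookalike.example",
]

def compare() -> list:
    """Return (redirect_uri, scheme-only status, exact-match status) per case."""
    return [
        (parse_qs(urlsplit(u).query)["redirect_uri"][0],
         authorize(u, weak_redirect_ok),
         authorize(u, strict_redirect_ok))
        for u in CASES
    ]

if __name__ == "__main__":
    for uri, weak, strict in compare():
        print(f"{uri:48} scheme-only: {weak}  exact-match: {strict}")
```

Only the exact-match check turns the open redirect into a 400 while still letting the registered https://app.reacted.com through.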

That all happened in just 15 minutes, while the night before I had spent at least 4 or 5 hours testing the main app and got nothing. What is the difference?

When you are doing bug bounty, you need to have the right approach for the target.

Don’t skip any recon steps; the more recon you do, the more chance you have to win $$$$.

I hope you enjoyed this write-up. Actually, I’m not an IELTS guy, so excuse me for any grammatical mistakes. Btw, you can find me here: https://twitter.com/H3Lowr

Thanks for reading. See ya guys…
