How my recon won $250 in 15 minutes

Hein Thant Zin
Sep 12 · 2 min read

Hi there again,

I’m Hein Thant Zin, just a noob bug hunter. Today I’m going to share how recon helped me find an easy bug in a HackerOne private program.

The story began when I was awarded my first bounty. I was really motivated to hunt for more bugs on H1, and then I got a private invitation and checked it out.

Sadly, only two domains were in scope for their program.

Let’s say the program’s domain is http://reacted.com

The scope domains are:

http://app.reacted.com

http://api.reacted.com

Alright, I tested for some common bugs like CSRF, XSS and other logic bugs on the main app domain, but I didn’t find anything, because it had already been tested by other experienced hackers, so there was very little chance for me to find a valid bug there.

The next day, I remembered to do some recon for the program. So I went through GitHub and checked all their repositories. Suddenly, I found a payment API endpoint in their repo:

https://api.reacted.com/authorize?scope=payments&client_id=12345&redirect_uri=https://app.reacted.com

As you can see, the redirect_uri parameter looks interesting.

I changed https://app.reacted.com to http://google.com.

Open redirect? Nahh… I got a bad request response with a 400 status.

Then I tried to bypass the check, and the following URL got through and redirected to the site:

https://api.reacted.com/authorize?scope=payments&client_id=12345&redirect_uri=https://google.com

I also tested for SSRF and XSS but failed. So I reported the bug and they rewarded me $250 for this simple open redirect bug.
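As an added illustration (not code from the program or from the author), here is a small Python model of the /authorize endpoint with two redirect_uri checks: a weak one that reconstructs the behaviour observed above (an assumption: http:// is rejected with a 400, any https:// is accepted), and a strict exact-match allowlist that closes the hole. The client_id and registered URI are the ones from the leaked URL; everything else is constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: redirect URIs registered per OAuth client. The host is the
# in-scope app domain from the write-up; client_id 12345 is the one in the leaked URL.
REGISTERED_REDIRECT_URIS = {"12345": {"https://app.reacted.com"}}


def weak_redirect_check(client_id, redirect_uri):
    # Assumed reconstruction of the flawed check: http://google.com got a 400 but
    # https://google.com was redirected, so the server apparently verified only the
    # scheme and never compared the host against the registered URI.
    return urlsplit(redirect_uri).scheme == "https"


def strict_redirect_check(client_id, redirect_uri):
    # Hardened check: exact string comparison against the URIs registered for this
    # client_id (no prefix, suffix or substring matching). Anything not registered,
    # including a registered host with a different path or port, is refused.
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())


def handle_authorize(query, check):
    """Minimal model of the /authorize endpoint: returns (status, location)."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    client_id = params.get("client_id", "")
    redirect_uri = params.get("redirect_uri", "")
    if not check(client_id, redirect_uri):
        # Refuse without redirecting; this is the 400 the author saw for http://google.com.
        # Logging the rejected client_id/redirect_uri pair here is a cheap detection signal.
        return 400, None
    # A real server would append the authorization code to this location,
    # which is why the redirect target must be validated before this point.
    return 302, redirect_uri


if __name__ == "__main__":
    leaked = "scope=payments&client_id=12345&redirect_uri=https://google.com"
    print(handle_authorize(leaked, weak_redirect_check))    # (302, 'https://google.com')
    print(handle_authorize(leaked, strict_redirect_check))  # (400, None)
```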

That all happened in just 15 minutes, while the night before I had spent at least 4 or 5 hours testing the main app and got nothing. What is the difference?

When you are doing bug bounty, you need the right approach for the target.

Don’t skip any recon steps; the more recon you do, the more chances you have to win $$$$.

I hope you enjoyed this write-up. Actually, I’m not an IELTS guy, so excuse me for any grammatical mistakes. Btw, you can find me at https://twitter.com/H3Lowr

Thanks for reading, see ya guys…
