1st Bounty Story | Rewarded $300 (IDOR)

Md Hridoy
Jul 29, 2019 · 3 min read

This is the story of my first rewarded bounty and my first write-up. I am still a learner, not a pro, and my English is weak, so please ignore spelling mistakes.

My internet journey began in 2015. The first time I saw the word "hacking" was in my Facebook news feed, and from that moment it made me curious. After that I learned about white hats and black hats, and then I became interested in learning how white-hat hackers work. So I searched Google and YouTube and found many, many resources. I hope everybody already knows that Google and YouTube are the world's best university for learning anything. One day I was reading a blog post in which the author wrote a line about bug bounty programmes, and my curiosity jumped from low level to high level: what is a bug bounty programme? I searched Google again, because I had already gathered some white-hat hacking knowledge, and found an interesting blog about earning money through bug bounty programmes. Then I set my mind on learning bug hunting, searched Google once more, found many resources, and started learning bug hunting methods. After that I joined bug bounty hunter groups on Facebook and Twitter. I am skipping many points of my bug bounty journey, because it is not possible to fit them into one post.

Let's start with how I found the IDOR vulnerability. The report status is still Unresolved, so I am not mentioning the site name.

About 1.5 years later I logged in to my Bugcrowd account and chose a target. I enumerated the target's subdomains with Sublist3r, found many domains, and checked them one by one in my browser.

I found a site and created an account there. After logging in to the dashboard I saw a 5-star review section, like below:

[Screenshot: Review section]

Then I created two accounts and copied each account's client id:

User profile (A)

test1@gmail.com > client id = 5d0687ab5568c800dc14aaae

Attacker profile (B)

test2@gmail.com > client id = 5d068d935568c800df14aa97

Then I captured the request that submits a review in Burp Suite, like below:

[Screenshot: Request capture]

Then I swapped the client id in the captured request: the request sent from attacker profile (B) now carried user profile (A)'s client id. I also changed the 5 stars to 2 stars and forwarded the request, like below:

[Screenshot: Modified request]

Boom! The user's 5-star rating was successfully changed to a 2-star rating, like below:

[Screenshot: Rating changed from 5 stars to 2 stars]
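The whole attack comes down to one missing check on the server: the review endpoint takes the owner of the review from the client id in the request body instead of from the logged-in session. The block below is an added example, not code from the original post or from the affected site. It models the endpoint with plain Python dicts so it runs offline; the field names (client_id, rating), the session object and the 401/403/400 responses are assumptions, and the two client ids are the ones quoted above. It shows the vulnerable handler beside a hardened one and replays the Burp step (attacker B sends user A's client id with a 2-star rating) against both.

```python
"""Minimal model of the review-rating IDOR described in this write-up.

Added example, not the original post's or the site's code. The request
and session are plain dicts (assumed field names: client_id, rating),
and the two client ids are the ones from the write-up.
"""
from copy import deepcopy

# Constructed data: each account is identified by its client id and the
# dashboard stores one star rating per client.
USER_A = "5d0687ab5568c800dc14aaae"      # victim, test1@gmail.com
ATTACKER_B = "5d068d935568c800df14aa97"  # attacker, test2@gmail.com

INITIAL_REVIEWS = {USER_A: 5, ATTACKER_B: 4}


def vulnerable_update_review(reviews, session_user, body):
    """Vulnerable handler: trusts the client_id sent in the request body.

    Authentication is checked, but the review's owner is read from a
    client-controlled field, so any logged-in user can rewrite any other
    user's rating. This is the IDOR from the write-up.
    """
    if session_user is None:
        return 401, "login required"
    target = body["client_id"]           # attacker-controlled identifier
    rating = int(body["rating"])
    if not 1 <= rating <= 5:
        return 400, "rating must be 1-5"
    reviews[target] = rating             # no ownership check at all
    return 200, "review updated"


def fixed_update_review(reviews, session_user, body):
    """Hardened handler: the owner comes from the session, never the body.

    If the body carries a client_id it must equal the session user;
    anything else is rejected with 403. Ignoring the field entirely is
    also fine; the explicit comparison makes tampering visible in logs.
    """
    if session_user is None:
        return 401, "login required"
    claimed = body.get("client_id", session_user)
    if claimed != session_user:
        return 403, "client_id does not match authenticated user"
    rating = int(body["rating"])
    if not 1 <= rating <= 5:
        return 400, "rating must be 1-5"
    reviews[session_user] = rating       # write only the caller's own row
    return 200, "review updated"


def replay_attack(handler):
    """Replay the Burp step: B, logged in, submits A's client id with 2 stars.

    Returns (status, A's rating afterwards) so both handlers can be
    compared on identical input.
    """
    reviews = deepcopy(INITIAL_REVIEWS)
    tampered_body = {"client_id": USER_A, "rating": "2"}
    status, _ = handler(reviews, session_user=ATTACKER_B, body=tampered_body)
    return status, reviews[USER_A]


if __name__ == "__main__":
    print("vulnerable:", replay_attack(vulnerable_update_review))  # (200, 2)
    print("fixed:     ", replay_attack(fixed_update_review))       # (403, 5)
```

When triaging or fixing a bug like this, the check to make is the same for every object-modifying endpoint: the identifier that selects the row being written must be derived from, or compared against, the authenticated principal on the server, and a mismatch should fail closed and be logged. A second account and Burp's Repeater are enough to verify the fix, exactly as in the original test.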

My feelings, as a GIF, because this was my first bounty:

[GIF: my reaction]

Some resources I share below. I have followed these sites' write-ups and PoCs many times:

  1. List Of Bug Bounty Writeup
  2. About IDOR
  3. Bug Bounty Notes
  4. Bugcrowd University

Thanks for reading. Here is my Facebook profile; feel free to message me with any question about bug bounty.

Remember: I am not a pro, I am still a learner in this field.
