This is the journey detailing how my name was added to humans.txt for scoring my first bug bounty, a severity 2 one at that! Im writing this as i’ve always personally been interested in how people discover security vulnerabilities. Furthermore, vulnerability itself is incredibly easy to exploit, details can be found at the end of this article. (pls scroll slowly so I can rake in some partner program earnings)

Back story

I was originally going to write an article describing testing I conducted in an attempt to figure out how much of the $5 monthly fee is given to writers through the Medium partner program. I had planned to test out different interactions which I thought might affect a writer’s compensation. Such as reading the article for different amounts of time and seeing if interacting with the article (through means such as: highlighting text, clapping) would affect the writer’s compensation. Since I am on a shoestring budget I only wanted to pay for a single “control” account to do all my testing from. I originally had 20+ different scenarios I intended to test and could only test a single one per day as Medium Partner Program earnings are calculated daily, I was looking for ways to automate the process. Thus, I went exploring through the chrome developer tools to analyze how data is transmitted back to

Image for post

A paywall is a method of restricting access to content via a paid subscription. Beginning in 2017, Medium implemented a paywall on their website that writers could voluntarily opt into. In-exchange writers would receive a share of the membership fee paid by the reader.

Although I do not personally want to participate in Mediums “Partner program”. Many publications such as The Startup prioritize content that is placed behind the paywall:

Image for post

So I personally have no issue/take no offence if you are to use the methods discussed below on articles I write as I only make a paltry $2 per month on this platform anyway. …

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec quis tincidunt risus. Morbi quis ipsum vitae leo facilisis faucibus sit amet in est. Fusce iaculis nisi ipsum, nec ullamcorper diam porttitor sed. Pellentesque tristique venenatis feugiat. Nam in ex a nulla gravida aliquam in quis enim. Sed nec consectetur ipsum, in congue dolor. Mauris metus nunc, malesuada at pellentesque sit amet, porta vitae lorem. In non libero id quam cursus vestibulum eu eu arcu. Aliquam porta est sit amet accumsan euismod. Nullam ac massa augue. Suspendisse at pellentesque mauris. Proin posuere accumsan quam vitae congue.

Donec nisi dui, congue eget hendrerit ut, facilisis non lacus. Vestibulum commodo dignissim auctor. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vivamus ut velit placerat, cursus mi eget, elementum lorem. Curabitur neque felis, viverra interdum metus et, consectetur eleifend elit. Curabitur rhoncus volutpat augue, eget pharetra massa vestibulum eu. In hac habitasse platea dictumst. Maecenas sed semper eros. Donec auctor ipsum consequat ligula iaculis, rhoncus tristique elit rhoncus. Praesent eros mi, accumsan a porta id, hendrerit et mauris. Ut malesuada nulla ac est tincidunt posuere. …

Mohammad-Ali Bandzar

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store