How I got 7000$ in Bug Bounty for my Critical Finding


WHOAMI:

@Kishan Kumar (noobie-boy) > Independent Web/Mobile security researcher, bug hunter and App-Sec Trainer

Summary:

The program was about a news agency and their web app and their mobile application. I had managed to get their PII data, which is very sensitive by nature, including their banking details like bank transaction info, API keys and much more, which were stored in an Excel file. I found these Excel files via the admin panel of the company, which was found in their Android application through static analysis.

Attacking Steps:

1: Firstly, I downloaded the target APK file.

Got the file via DirBuster after authentication in the admin panel.

This one is the first Excel file, which has users' details.

I got a 7000$ bounty for the PII details from the company after a few days.