Finding bugs and earning bank.
A crap post about a rubbish undisclosed bug
It’s a bit weird, I’ve been doing Information Security work for about 8 years now, coming up for 5 of those have been exclusively Security related and yet I’ve never earned a single penny from a bug bounty program. The few times I have found something I’ve been unable to disclose and they offered nothing more than a ‘cheers’, or in one instance, ‘by finding that bug you’ve broken terms and conditions of the use of the product’. Incidently, I hadn’t, the terms stated I wasn’t allowed to test the product with automated tools, I did it manually, which made me technically correct, which as everyone knows, is the best form of correct.
Anyway, I found a bug, the Company was on hackerone and the submission was accepted as valid and fixed. I got a bounty! You can see it here in all it’s undisclosed glory:
So there you go, I can’t provide any techinical details and this post is crap because there’s not much else I can say. However, it may not be much but it’s mine, and I’m pleased enough to want to share it.