Finding bugs and earning bank.

A crap post about a rubbish undisclosed bug

Pete
Aug 16, 2017 · 1 min read

It’s a bit weird, I’ve been doing Information Security work for about 8 years now, coming up for 5 of those have been exclusively Security related and yet I’ve never earned a single penny from a bug bounty program. The few times I have found something I’ve been unable to disclose and they offered nothing more than a ‘cheers’, or in one instance, ‘by finding that bug you’ve broken terms and conditions of the use of the product’. Incidentally, I hadn’t, the terms stated I wasn’t allowed to test the product with automated tools, I did it manually, which made me technically correct, which as everyone knows, is the best form of correct.

Anyway, I found a bug, the Company was on HackerOne and the submission was accepted as valid and fixed. I got a bounty! You can see it here in all its undisclosed glory:

So there you go, I can’t provide any technical details and this post is crap because there’s not much else I can say. However, it may not be much but it’s mine, and I’m pleased enough to want to share it.

Pete

Written by

Pete

InfoSec architect, analyst and researcher. Suffering from full time imposter syndrome.