How i got into Bug Bounty?
So, the story begins during the first lockdown due to Covid. I opened an account on LinkedIn and started adding connections. Many people were posting about bug bounty, and I got interested to see what it was all about. I began searching for information. One day, as I was scrolling through my feed, I came across a bug bounty course giveaway post by Hacktify, and luckily, I won that giveaway. It was a nice course for beginners, but my suggestion for beginners is not to buy any courses because you can find all the necessary information for free on the internet — it’s just about your searching skills.
From this course, the first bug type I learned is XSS. It’s easy to understand and seems easy to find, which is what beginners often think, but it is not. After completing that course, I focused on hunting for XSS and got many NAs and duplicates. Then, I took a break and started learning about new bugs. I was searching for different types of bugs when I came across a YouTube channel that was really awesome. I suggest you check it out: https://youtube.com/channel/UCq7-Qf45etdk0qc35I_n7PQ. The creator of this channel uploaded a video on the Open URL Redirection bug and also how to find it using Google Dorks. It helped me a lot to get a better idea about Open Redirection and Google Dorking. After watching his video, I found an Open Redirection in Nokia, but it was a duplicate.
How I Got My First Bounty?
After a few days, I tried to hunt for Open Redirection on the HackerOne platform. After testing 2–3 domains, I found an interesting domain. I noticed that the last bug was resolved three months ago, so I got interested in it. I crawled the website (you can search on YouTube how to crawl a website) and found an interesting URL, let’s say https://domain.com/register?url=http://etc.com. So, I replaced etc.com with example.com, and after filling out the signup form, it redirected to example.com.
Tip: If you find any bugs, report them as fast as you can, as I did. I reported that bug on June 20th, 2021. On another day, I checked for any response but received none. I got an idea to increase the severity, so I replaced the domain name with an XSS payload: https://domain.com/register?url=javascript:alert();. BOOM! I saw the XSS popup. I quickly updated my report, and I got the first response like, “Hey, thanks for the report! Can you confirm it’s fixed?” I retested, and it was fixed. After a few hours, they offered me a $300 bounty.
Dork for Open URL Redirection:
site:example.com inurl:redir | inurl:url | inurl:redirect | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
(You can modify as per your finding)
https://www.youtube.com/channel/UCnrlBs_zkag7x6TIHJqjvxg
You can find the POC here, and do subscribe to my YouTube channel for more POC or Bug Bounty related videos.
