My first bug bounty via Parameter Mining

Tarunm Hackerone
Aug 25, 2023

$ whoami

Hello reader, this is Tarun.M from Bangalore, currently pursuing my engineering in electronics. My journey towards hacking started way back in 2022.

$ cd journey

In 2021, I started my engineering in and I discovered bug bounty in 2020. Despite feeling unprepared and having self-doubt, I decided to give it a try. Focusing on one bug at a time, I found my first bug after one year and it takes a lot of perseverance.

$ cd methodology

I started to find all my bugs on crowdsourced security platforms like Bugcrowd, Intigriti, and HackerOne (most competitive), and then I realised: let’s just try private programs.

Then I found a billion-dollar company that has its own bug bounty program, and it’s one of the most renowned stock brokering apps in India.

I then went to the careers page and saw that there were no job openings currently.

Then I started to fuzz the page and found nothing, but then I ran ParamSpider and found a strange parameter, and then I found the job application page/form (which I shouldn’t have been able to access).

This was a business logic error and I reported it to the company. Two weeks later I got the confirmation. I was thinking it was such a simple bug, and I never thought I would be awarded a bounty.

So wish me luck for future endeavours and until then see you!!!!!!!!
