$600 Bug Bounty: How I Poked Microservices and Got Paid!


Raunak Gupta Aka Biscuit

OSINT Team


So there I was, minding my own business, scrolling through bug bounty programs, when I came across this one app using microservices. Now, microservices are like those small Lego blocks — cute but sneaky. You mess with one, and the whole structure falls apart. And me? I was ready to bring my inner Lego master out to play. I grabbed a cup of TEA (the Indian hacker’s juice) and dove right in.

The Discovery: A “Simple” Misconfiguration

After going through the usual reconnaissance routine (a little nmap here, some Burp Suite there), I found something weird in one of the microservices. Let’s just say it wasn’t as locked down as it should’ve been. I poked around, and lo and behold, I hit the jackpot: some kind of misconfiguration in the API endpoints. Bingo!
My immediate reaction? No way it’s this easy. But it was.
