Day 10 Bug Bounty — 60 days 60bugs challenge — New Start!

2 months ago 21

Abhijit Dutta

Hi there, its cyberbeat again! I have been almost disappeared for a month, was sick and procrastination dragged me out of the game. But yes I’m back again completing the challenge and will complete the whole challenge.

This morning I got up at 6, got down to hacking one of the programs that I used to hack before. I realized that the hardest part of getting back in anything that I do is just starting out. I dragged myself in front of my laptop and 15 minutes in, I was completely submerged! I didn’t realized that an hour and half has been passed and it was time to take a break.

During that time, I found a bug which was triaged as P5 (oops!) where I was able to find out a disclosed socket out in the internet. I reported that and got it as P5.

Later on I sat down again after taking a break, to find some other bugs. I have the list of subdomains that I found after recon and was going through it manually, I stumbled upon a subdomain where instead of loading the page, the contents were getting downloaded. Upon much inspection, I got to know that the proper MIME type has not been implemented.

So what is a MIME type? MIME stands for Multipurpose Internet Mail Extensions. It is a type HTML which refers to the way browsers and servers identify files on the internet. MIME types are a standard used to indicate the nature and format of a document or file. They play a crucial role in web development, ensuring that browsers interpret and display content correctly.

I knew that is a vulnerability that I can report and I reported it. Let’s hope for the best 🤞 for the triage.

As I took a good long break, I am looking forward to find some more impactful bugs and share with everyone else. Today I spent almost seven hours in finding these vulnerabilities. Here is what my toggl timer dashboard looks like:

My today’s learnings:

Even though I started with an intention to find cross-site scripting bugs, I reported two bugs none of which was cross-site scripting. You never know what you will be finding; you just need to get down to find some vulnerabilities.I learned about MIME, which I had no idea before this morning. So guys, take a note 📝Until and unless you are able to show some impact, the triager won’t consider your report seriously. One needs to write down the report in such a way that the triager understand the report and considers it.

That is it for today! I hope I won’t be taking more breaks from now. I will be finding vulnerabilities daily and will update you guys. Stay tuned!

Read Entire Article