Hello,
So, as always, I am Ahmed and this is my second blog. I have started sharing my experience in bug bounty, so follow me if you are interested in more.
Today we will be talking about easy bug = big bounty, so let's get started.
I was doing some testing on the login function of the target, let's say test.com.
Something in my mind told me to test brute force, because I know which vulnerabilities are out of scope. This is why you should have a good knowledge of the program you are testing.
Brute force was not listed there, but most programs add it as out of scope.
So I sent the request to Burp and then to Intruder, added a lot of passwords, and saw that there was no limit.
I was surprised that a big company like this doesn't have a limit on the login of the main domain. I reported it, and after 2 hours a team member triaged the report.
After 4 hours the program sent the bounty of $2000 and critical severity.
So I guess I did not enjoy this bounty, because I did not find something good. I love hacking more than money; I always choose knowledge over money.
So this is just a simple blog. Currently I am completely away from hacking; I'm studying, so after I am back to hacking I will start sharing technical blogs.
This is the response of the team:
This has now been resolved and we are applying rate limiters via cloudflare on the login pages.
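The fix the team describes is rate limiting on the login pages. As an added example (not from the original post or from the program's code), this is one way an application could enforce such a limit itself, counting failed logins per account and per client IP. The class and function names and the `check_password` callback are assumptions made for the illustration.

```python
import time
from collections import deque

class LoginThrottle:
    """Sliding-window limit on failed logins, counted per account and per client IP."""
    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures, self.window, self.clock = max_failures, window_seconds, clock
        self._failures = {}  # ("user"|"ip", value) -> deque of failure timestamps

    def _recent(self, key, now):
        q = self._failures.get(key, deque())
        while q and now - q[0] >= self.window:
            q.popleft()  # drop failures that have aged out of the window
        if not q:
            self._failures.pop(key, None)  # keep memory bounded
        return q

    @staticmethod
    def _keys(username, ip):
        return (("user", username.lower()), ("ip", ip))

    def retry_after(self, username, ip):
        """Seconds to wait before the next attempt is accepted; 0 means allowed."""
        now, wait = self.clock(), 0.0
        for key in self._keys(username, ip):
            q = self._recent(key, now)
            if len(q) >= self.max_failures:
                wait = max(wait, q[0] + self.window - now)  # until oldest failure expires
        return wait

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            self._recent(key, now)
            self._failures.setdefault(key, deque()).append(now)

    def record_success(self, username):
        self._failures.pop(("user", username.lower()), None)  # IP counter is kept on purpose

def attempt_login(throttle, check_password, username, password, ip):
    """Handle one login request; returns (http_status, retry_after_seconds)."""
    wait = throttle.retry_after(username, ip)
    if wait > 0:
        return 429, wait  # refused before the password is checked
    if check_password(username, password):
        throttle.record_success(username)
        return 200, 0.0
    throttle.record_failure(username, ip)
    return 401, 0.0
```

An in-memory counter like this only covers a single process; with several application servers the counters would have to live in a shared store, or the limit be applied at the edge as the team did.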
Thanks for reading, and don't forget to read my first blog; it has a lot of knowledge and good sources.
you can find me here: