Easy logic bug that leaks the email for every user


Adham Heinrich

In the name of Allah, the Most Gracious, the Most Merciful, and peace and blessings be upon the most honorable of the messengers.

Hello guys, my name is Adham Heinrich, and I am a bug hunter.

This is my first writeup, so excuse me for any mistakes.

I was hunting on a private program on HackerOne; let's call it target.com.

It's a cloud service, something like a virtual machine to save your data in.

After understanding the website, I tried the forget password function. It asks for an email or a username (focus on the username, because the trick is here). When I enter the email, the forget password link comes to me easily, but what if I enter the username?

When I entered the username and looked at the request in Burp Suite, the email was reflected in the response, so I tried entering another username to see what would happen. It also reflected their email!

Small details like that could earn you easy money, so don't forget to check the forget password function if it asks for a username.
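The flaw described above, next to a corrected handler, as an added example that is not part of the original writeup and not the target's code. The function names, accounts and response texts are all constructed for illustration; the fixed handler also returns the same body for unknown usernames, which goes one step beyond the case in the text.

```python
# Added example: constructed data and hypothetical function names throughout.
USERS = {  # constructed sample accounts: username -> email
    "alice": "alice@example.com",
    "bob": "bob@example.org",
}
OUTBOX = []  # stands in for the mail queue; (recipient, message) tuples

GENERIC = {"status": "ok",
           "message": "If the account exists, a reset link has been sent."}


def _resolve_email(identifier):
    """Map a username or an email address to the account's email, else None."""
    if identifier in USERS:
        return USERS[identifier]
    if identifier in USERS.values():
        return identifier
    return None


def forgot_password_leaky(identifier):
    """Behaviour described in the writeup: the resolved email is echoed back."""
    email = _resolve_email(identifier)
    if email is None:
        return {"status": "error", "message": "No such user"}
    OUTBOX.append((email, "reset link"))
    return {"status": "ok", "message": f"Reset link sent to {email}"}


def forgot_password_fixed(identifier):
    """Same lookup, but the response never depends on what was resolved."""
    email = _resolve_email(identifier)
    if email is not None:
        OUTBOX.append((email, "reset link"))  # address stays server-side
    return dict(GENERIC)


def response_leaks_email(handler, usernames):
    """Regression check: is a stored address present in any response body?"""
    for name in usernames:
        body = str(handler(name))
        if USERS[name] in body:
            return True
    return False
```

Running `response_leaks_email` against every endpoint that accepts a username is a cheap regression test to keep in the suite once the fix is in place.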

Elhamdollelah, it was triaged and resolved successfully ❤️

Peace be upon you, and the mercy of Allah ❤️
