Note: Before we dive into my write-up, I want to take a moment to remind everyone of an important cause. Supporting the people in Gaza can make a real difference. Even a small donation, such as $5, can help provide essential support to many families in need. Please consider making a contribution to help them. Your kindness can go a long way…
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Salam alaykum, guys! I hope you are all doing well. As you can read in the title, I found my first bug! I’m really excited about it and have decided to do some research to gather tips and insights on how to improve my bug-hunting skills. If you have any advice or recommendations, I would greatly appreciate it. Thank you, and enjoy! 🐱🏍🕸️
I started with a main application. First, I decided to explore all its functions and understand what the application is used for. I always keep Burp Suite open during this process. My recon tool is the documentation API. After some time, I began to understand all the functions, and I realized that the application is great for organizing users, teams, and work. This is my favorite type of application! 😂
I started to try to break the access control, but after a period of time, I didn’t get any results. I thought this was because the application is public and part of a main application. This is what my mind suggested, and I started to feel bad. After some time, I started over again and found that a side of the application is also a default organization but with developer tools, especially because some users shared the application to help other users.
I saw something interesting called “Marketplace.” I opened it, and it was like a profile where you can add your name and URLs about yourself, but only the admin can access it. The power of match and replace! 🐱🏍🕸
Then I moved on, and when I tried to add a name or URL, nothing appeared. After that, I went to the admin side and was surprised to see that the information had changed.
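The behaviour described above suggests that the admin-only restriction on the Marketplace profile lived in the interface, while the write itself was accepted from a non-admin. As an added example (not from the original post or the affected application), the sketch below contrasts a handler that relies on the UI gate with one that checks the stored role on every request; `Org`, the handler names, and the sample users are hypothetical.

```python
# Added illustration; Org and both handler names are hypothetical.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller's server-side role does not allow the action."""


@dataclass
class Org:
    roles: dict  # user id -> role as stored on the server, never sent by the client
    marketplace_profile: dict = field(default_factory=dict)


ALLOWED_FIELDS = {"name", "urls"}


def update_marketplace_profile_ui_gated(org, user_id, changes):
    """Assumed shape of the flaw: the handler expects only admins to reach it
    because the UI hides the page, so it never looks at the caller's role."""
    org.marketplace_profile.update(changes)
    return org.marketplace_profile


def update_marketplace_profile_enforced(org, user_id, changes):
    """Same update, but the role is looked up server-side on every request."""
    if org.roles.get(user_id) != "admin":
        raise Forbidden(f"{user_id} is not an admin of this organization")
    unknown = set(changes) - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    org.marketplace_profile.update(changes)
    return org.marketplace_profile


def member_can_change_profile(handler):
    """Regression check: True if a plain member's write ends up persisted."""
    org = Org(roles={"alice": "admin", "bob": "member"},  # constructed sample data
              marketplace_profile={"name": "Acme", "urls": []})
    try:
        handler(org, "bob", {"name": "changed-by-member"})
    except Forbidden:
        pass
    return org.marketplace_profile["name"] == "changed-by-member"


if __name__ == "__main__":
    print("UI-gated:", member_can_change_profile(update_marketplace_profile_ui_gated))
    print("enforced:", member_can_change_profile(update_marketplace_profile_enforced))
```

Running `member_can_change_profile` against every admin-only write handler in a test suite catches this class of bug before the interface is the only thing standing in the way.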
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
“Match and replace is a powerful tool if you understand how to use it effectively.”
Recommendations for learning more about finding with match and replace: