Hey, my hacker buddies! I hope you’re enjoying WFH (if you have) or your bounty days! I haven’t been hunting much for the past couple of months, and that’s why I haven’t been active on Medium.
On 9th Jan at 1:30 am, I received a notification about a new scope added to my private invitation program while I was already asleep. Upon waking up the next morning, I began my investigation. After conducting reconnaissance on the scope, I employed the powerful tool FFUF. Through FFUF, I discovered the presence of a .env directory, housing sensitive data for the specific website: keys, usernames and passwords. The complete URL is as follows: https://www.abcd.xyz.com/.env. You can view it in the screenshot below:
Reported → November 9th, 2023
Triaged → November 9th, 2023
Bounty Awarded → November 9th, 2023
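A defender-side check for the exposure described above, added here as an example and not code from the original post: it walks a local web document root before deployment, flags every `.env` or `.env.*` file that would be reachable by URL, and lists the names (never the values) of secret-looking keys. The key-name heuristic and the sample files are constructed assumptions.

```python
import os
import re
import tempfile

# Heuristics (assumptions of this example): credential-like key names, KEY=value lines.
SENSITIVE = re.compile(r"KEY|SECRET|TOKEN|PASS|PWD|CREDENTIAL|DSN", re.I)
ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def sensitive_keys(path):
    """Return names (never values) of non-empty, secret-looking keys in a dotenv file."""
    keys = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = ASSIGN.match(line)  # comment lines never match this pattern
            if m and m.group(2).strip().strip("'\"") and SENSITIVE.search(m.group(1)):
                keys.append(m.group(1))
    return keys


def audit_docroot(docroot):
    """Map the URL path of every .env / .env.* file under docroot to its sensitive keys."""
    findings = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name == ".env" or name.startswith(".env."):
                full = os.path.join(dirpath, name)
                url_path = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
                findings[url_path] = sensitive_keys(full)
    return findings


def demo():
    """Audit a constructed document root containing two stray dotenv files."""
    samples = {  # constructed sample data, not taken from any real site
        ".env": "APP_NAME=shop\nDB_PASSWORD=example-only\nexport API_KEY='x'\nMAIL_TOKEN=\n",
        os.path.join("api", ".env.bak"): "DEBUG=true\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "api"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_docroot(root)


if __name__ == "__main__":
    for url_path, keys in sorted(demo().items()):
        print(f"{url_path}: inside the web root; secret-looking keys: {keys or 'none'}")
```

Any path it reports belongs outside the document root, and any key it names should be treated as exposed and rotated if the file was ever served.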
So, that wraps up this episode. If you found value in it, kindly give it a clap below. Also, don’t forget to follow me on LinkedIn for more content like this. Your support means a lot!
Keep on the hunt! Bugs lurk everywhere, and a unique mindset, cultivated through experience, is key. Don’t let setbacks demotivate you; bug bounty is a love-hate relationship, and we don’t abandon what we love. Dedicate time to the programs, and you’ll unearth something valuable eventually.