How I Earned $150 for Reporting a Simple Parameter Bug


Jan Maciejewski

As someone who has always been interested in cybersecurity, I know that vulnerabilities come in all shapes and sizes. From complex SQL injections to simple logic flaws, every bug has the potential to cause significant issues for a website or application. Recently, I stumbled upon one of the latter — a small but impactful bug that earned me a $150 bounty.

At the time, my cybersecurity skills were minimal. I decided to visit HackerOne and picked a site to test — let’s call it example.com. I started experimenting, testing inputs for vulnerabilities like XSS, but nothing worked. However, when I changed a parameter on the login page, it triggered an error:

“We’re sorry, something is not working right. Please try again later.”

Interestingly, this error message was also reflected in the URL:
example.com/…?error_description=something+is+not+working+right+Please+try+again+later.

My curiosity took over, and I wondered if I could change the error message by modifying the URL parameter. So, I gave it a shot — and it worked!

Excited, I reported the bug on HackerOne with a big smile on my face. I was worried it might be a duplicate, but luckily, it wasn’t. A few days later, the report was triaged. After a few months, I received a total of $150: $50 for the initial report, a $50 bonus, and another $50 bonus for a retest.

And that’s how I earned my first $150 through bug bounty programs.
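
Added example, not part of the original write-up and not the affected site's code: a sketch of why a banner built from `error_description` can be reworded by anyone who crafts a link, next to a version that looks the message up from a fixed table. The `error` parameter, its codes, the `/login` path and the sample link are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Fixed messages keyed by an error code. The "error" parameter name and the
# codes are assumptions for this example; the article only shows error_description.
MESSAGES = {
    "server_error": "We're sorry, something is not working right. Please try again later.",
    "access_denied": "Sign-in was cancelled. Please try again.",
}
DEFAULT_CODE = "server_error"


def _params(url):
    """Return the first value of each query parameter in url."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_reflected(url):
    """Behaviour described in the article: the banner text comes from the URL."""
    text = _params(url).get("error_description", MESSAGES[DEFAULT_CODE])
    # Output escaping is assumed here (the author's XSS tests found nothing);
    # it blocks markup, but the wording is still whatever the link says.
    return f'<p class="error">{escape(text)}</p>'


def render_hardened(url):
    """Ignore error_description; look the message up from a known code."""
    code = _params(url).get("error", DEFAULT_CODE)
    if code not in MESSAGES:
        code = DEFAULT_CODE  # unknown codes fall back to the generic message
    return f'<p class="error">{escape(MESSAGES[code])}</p>'


# Constructed sample link; the path and text are made up for the example.
SAMPLE = ("https://example.com/login?error=server_error"
          "&error_description=CONSTRUCTED+text+chosen+by+whoever+made+the+link")

if __name__ == "__main__":
    print(render_reflected(SAMPLE))  # banner shows the link's own wording
    print(render_hardened(SAMPLE))   # banner shows the fixed message
```
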
