How I earned $550 for a race condition vulnerability


Hi, my name is Aman and I am 22 years old. I am a computer science student, and bug hunting has been my part-time work for a bit more than a year.

In this article, I want to discuss my journey of making $$$ from a bug bounty program.

This is my first article and I am not good at English, so I want to say sorry for my bad English.

The vulnerability that I found in one of my private programs is a race condition. So what is a race condition?

A race condition occurs when multiple threads read and write the same variable. They have access to the same shared data and they try to change it at the same time.

Let's get started.

A month ago, I got a private invitation on HackerOne. I can't disclose the program name, so let's call it target.com. While I was checking the TARGET website's functionality, I came across an option to create a collab auth (I know not everyone knows what collab auth is; you can google it, because I also don't know). So there is an option to create a Collaborative Authorization endpoint, but the limit is only 5.

So you already know what I will do. I want to try to bypass this limit. Let's try to bypass the limit, like a hacker.

I knew that maybe I could bypass it via a race condition, but I was not 100% sure whether I could bypass it or not. So I opened my Burp Suite Pro edition and captured the request using Burp. The request looks like this.

Send this request to Turbo Intruder and set race.py. Click on Start attack. I saw that I had successfully created more than 5 spend rules (collab auth). I was happy to see that. Yes, the race condition vulnerability was exploited successfully.
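Why parallel requests get past a limit of 5 is easiest to see from the server side. The following is an added example, not code from the original article or from the target: a constructed in-memory model of a check-then-insert limit next to a version where the check and the insert are one atomic step. `EndpointStore`, `fire`, `demo` and the account name are hypothetical, and a `threading.Barrier` is used to hold every request inside the window so the result is the same on every run.

```python
import threading
import time

LIMIT = 5  # per-account cap on collab auth endpoints, as stated in the article

class EndpointStore:
    """Constructed in-memory stand-in for the server's endpoint table."""
    def __init__(self):
        self.rows = []
        self._lock = threading.Lock()

    def create_unsafe(self, owner, between):
        # Check-then-act: the count is read first and the row is written later.
        if self.rows.count(owner) >= LIMIT:
            return False
        between()  # the window: other requests pass the same stale check here
        self.rows.append(owner)
        return True

    def create_safe(self, owner, between):
        # Check and insert are one critical section. With a real database this
        # is a transaction holding a row lock, or a constraint the DB enforces.
        with self._lock:
            if self.rows.count(owner) >= LIMIT:
                return False
            between()
            self.rows.append(owner)
            return True

def fire(create, n, between):
    """Send n simultaneous create requests for one (hypothetical) account."""
    start = threading.Barrier(n, timeout=5)
    def request():
        start.wait()  # release all requests at the same moment
        create("acct-1", between)
    threads = [threading.Thread(target=request) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()

def demo(n=20):
    unsafe, safe = EndpointStore(), EndpointStore()
    window = threading.Barrier(n, timeout=5)  # holds every request in the window
    fire(unsafe.create_unsafe, n, window.wait)
    fire(safe.create_safe, n, lambda: time.sleep(0.001))
    return len(unsafe.rows), len(safe.rows)

if __name__ == "__main__":
    print(demo())  # (20, 5)
```

In the unsafe store all 20 requests read a count of 0 before any row is written, so all 20 are created; in the safe store exactly 5 are.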

Look at this: I created more than 5 collab auths.

Without wasting any time, I immediately reported this bug.

I was thinking

The next day I woke up and I got a mail.

I also got a bonus.

Follow me:

https://twitter.com/being__aman
