.png)
6 months ago
36 BOOK THIS SPACE FOR AD
ARTICLE ADMy story won’t be too long, I am a novice hunter and I want to tell you about how I found my first bug . It’s not a manual on how to find a bug.
I chose site and did a quick analysis of it using the tool/plugin wappalyzer (this is not an advert :0 ) and found that it runs on the cms WordPress .
I was happy because I remembered that I read on Medium that there is an easy to use and convenient vulnerability scanner WpScan, but alas it did not help me :(
“Maybe I wasn’t using it wrong or the problem was something else, whatever”
My hands were a bit down because of this, but I didn’t give up. I decided to check the site further (subdomains could not be scanned, they were out of range) So I was left to rely on Wappalyzer and I began to list in Google every plugin, cms, bd found by this plugin, like: cve wordpress 6.4.3 poc , cve nginx 1.18.0 poc .
And then I search Contact Form 7 5.3.1 cve poc and find a vulnerability, my joy was unbounded.
I’m testing a POC I found on the GITHUB site, having previously checked its code, how it works and if it causes any problems/infections. (Always check other people’s codes they can be dangerous)
And everything goes fine, I leave a link to it as proof . and write a report .
I ended up getting paid $143.98.
Thanks for reading this article, good luck with your search and have a good day (What conclusion can be drawn? Don’t completely rely on automation, sometimes you need to work with your hands :) )
Bengali (Bangladesh) · 
English (United States) ·