How I got a $100 bounty


Hi everyone, I am Sai.

This is my first writeup, so sorry if you find any mistakes in my English.

The target is a Bugcrowd public program. It is e-commerce related and has a wide scope.

Let's call it example.com.

Like every bug hunter, I first started with subdomain enumeration.

After enumeration I started looking for interesting subdomains.

I found api.example.com. I know every bug hunter has already tested this subdomain, but I thought "every piece of software has a bug when you think widely", so I started exploring the subdomain.

First I read the API docs for that subdomain.

Then I started looking through waybackurls for api.example.com endpoints.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Here I suggest the Chrome extension xnl Reveal.

Explore it; you will definitely find something new.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Coming back to our topic, I manually checked every endpoint, but I got nothing.

The main note here is:

"Try to understand what the purpose of this API is."

The purpose of api.example.com was to add, delete and modify product details.

The platform also allows sellers to create their own e-commerce website page.

So I decided to do GitHub recon on api.example.com.

I started with an "api.example.com" search and got 30k results, but we already know that GitHub only lets you see 5 pages, so we need to filter the results down. I had already read the API documents, so I added "x-auth-token".

The dork was { "api.example.com" x-auth-token }

I got 10k results, and then I started looking for x-auth-token values. I got many tokens, but every token showed as invalid. Then I observed one thing in the results: some code repositories show "x-auth-token :" (the header name followed by a value), while other results show only "x-auth-token" (the header name with no value at all). So I just modified the dork by adding a colon:

“api.example.com” x-auth-token:

I got nearly 3k results, and again I started checking every token. Finally I got one working token, in the example section of a company repository. Next to it there was also an access token and a store ID. Without the store ID we can't exploit it.

Then I finally exploited the token: it allowed adding, deleting and modifying products.
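The two filtering steps above (keep only hits where the header name is followed by a value, then test each candidate against the API) are easy to automate. The script below is an added example written for this writeup, not code from the original author or the target program. The endpoint path `/v1/products`, the `X-Store-Id` header name, the placeholder heuristics and the four sample code-search hits are all constructed assumptions for illustration; the page only establishes the `x-auth-token` header and the need for a store ID. It validates each token with one read-only GET rather than touching product data, which is the safer way to confirm a leaked credential before you write the report.

```python
"""
Added example: turn GitHub code-search hits into candidate x-auth-token values,
drop placeholders and hits with no value, then verify each remaining token with
a single read-only request. Endpoint path, X-Store-Id header name and sample
hits are assumptions, not details from the target program.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Header name followed by ':' (or '=' in code), then a value. Hits that only
# mention the header name (docs, headers["x-auth-token"]) never match, which is
# exactly the "add a colon to the dork" filter from the writeup.
TOKEN_RE = re.compile(
    r"""x-auth-token["']?\s*[:=]\s*["']?([A-Za-z0-9._\-]{16,})""", re.IGNORECASE
)
# Store id near the token; the field name is an assumption.
STORE_RE = re.compile(
    r"""store[_-]?id["']?\s*[:=]\s*["']?([A-Za-z0-9\-]{4,})""", re.IGNORECASE
)
# Obvious sample values that are not worth a request.
PLACEHOLDER_RE = re.compile(r"(your|example|xxx|token_here|replace)", re.IGNORECASE)

Candidate = Tuple[str, Optional[str]]
# fetch(url, headers) -> (status, body); inject a real client in the field.
Fetch = Callable[[str, Dict[str, str]], Tuple[int, str]]


def extract_candidates(snippets: List[str]) -> List[Candidate]:
    """Return de-duplicated (token, store_id) pairs from code-search hits.
    store_id is None when the hit carries a token but no store id."""
    seen = set()
    out: List[Candidate] = []
    for snippet in snippets:
        store = STORE_RE.search(snippet)
        store_id = store.group(1) if store else None
        for m in TOKEN_RE.finditer(snippet):
            key = (m.group(1), store_id)
            if key not in seen:
                seen.add(key)
                out.append(key)
    return out


def is_placeholder(token: str) -> bool:
    return bool(PLACEHOLDER_RE.search(token))


def check_token(token: str, store_id: Optional[str], fetch: Fetch,
                base: str = "https://api.example.com") -> str:
    """Classify one candidate using a single read-only GET. Never call the
    add/delete/modify endpoints here; a 200 on a list endpoint is proof enough."""
    if is_placeholder(token):
        return "placeholder"
    if store_id is None:
        return "no-store-id"        # the writeup: without store id, no exploit
    headers = {"x-auth-token": token, "X-Store-Id": store_id}  # X-Store-Id assumed
    status, _ = fetch(f"{base}/v1/products?limit=1", headers)  # path assumed
    if status == 200:
        return "valid"
    if status in (401, 403):
        return "invalid"
    return f"unexpected-{status}"


def triage(snippets: List[str], fetch: Fetch) -> Dict[Candidate, str]:
    return {(t, s): check_token(t, s, fetch) for t, s in extract_candidates(snippets)}


# Constructed sample hits, one per situation the writeup ran into.
SAMPLE_HITS = [
    "Send the token in the x-auth-token header on every request.",        # name only
    "headers = {'x-auth-token': 'YOUR_TOKEN_HERE_1234'}",                 # placeholder
    "x-auth-token: 0f3b2c9d8e7a6b5c4d3e2f1a0b9c8d7e",                     # no store id
    "x-auth-token: a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\nstore_id: 48213",    # live pair
]
LIVE_TOKEN = "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"   # constructed, not a real token


def stub_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Offline stand-in for the API: only the constructed live pair is accepted."""
    if headers.get("x-auth-token") == LIVE_TOKEN and headers.get("X-Store-Id") == "48213":
        return 200, '{"products": []}'
    return 401, '{"error": "invalid token"}'


if __name__ == "__main__":
    for (token, store), verdict in triage(SAMPLE_HITS, stub_fetch).items():
        print(f"{verdict:12} token={token[:8]}... store={store}")
```

In the field, replace `stub_fetch` with a thin wrapper around your HTTP client, stop at the first `valid` result, and put that one request and response in the report; the program gets to decide whether the store is a test account, and you avoid modifying a live seller's products while proving the point.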

I thought it was easily a P2-level bug, but they accepted it as a P4 and awarded a $100 bounty.

Reason: it was a test account.
