.png)
3 years ago
340 BOOK THIS SPACE FOR AD
ARTICLE AD
How i got into Bug Bounty?
So the story begins from first lockdown due to Covid, i opened account on LinkedIn and started adding connections. Many people posting about bug bounty and i got interested to see what it is and started searching about it. One day i was scrolling feed and saw bug bounty course Giveaway post of Hacktify and luckily i won that giveaway. It was nice course for begginers but my suggestion for begginers to do not buy any course because all stuff you can find on internet for free, it just about your searching skills. So from this course, first bug type i learned is XSS and it is really easy to understand and easy to find thats what begginers think but it is not. After completing that course i just hunt for XSS and got many NA , Duplicates. Then i took a break and started learning new bugs. I was searching different types of bugs and i got one youtube channel that was really awesome i suggest you to do checkout it. https://youtube.com/channel/UCq7-Qf45etdk0qc35I_n7PQ
This guy uploaded a video on Open URL Redirection bug and also how to find it using Google Dork. It helped me a lot to get more idea about Open Redirection and Google Dorking. After seeing his video i found Open Redirection in Nokia but it was Duplicate.
How i got my first bounty?
After few days i tried to hunt for Open Redirection on Hackerone Platform. After testing 2 3 domains i got a interesting domain because i saw on that domain last bug resolved in 3 months ago so i got interested in it. I just crawl the website (You can search on YouTube how to crawl website ) and found interesting URL lets say https://domain.com/register?url=http://etc.com.
So i replaced etc.com to example.com and after filling sign up form it redirects to example.com. Tip: if you found any bug report it as fast as you can as i did. I reported that bug on Jun 20th 2021 on another day i checked for any response but got no response. I got idea to increase more severity and i replaced domain name to xss payload. “ https://domain.com/register?url=javascript:alert();" and BOOM! i saw xss pop up. I quickly updated in my report and got first reponse like “ Hey, thx for the report! Can you confirm its fixed? “ .
I checked it and it was fixed. After few hours they offered me $300 bounty.
Dork for Open URL Redirection:
site:example.com inurl:redir | inurl:url | inurl:redirect | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
(you can modify as per your finding)
https://www.youtube.com/channel/UCnrlBs_zkag7x6TIHJqjvxg
You can find POC here and Do subscribe my youtube channel for more POC or Bug Bounty related videos.
Thank You and forgive me for my bad English.
Bengali (Bangladesh) · 
English (United States) ·