How I got my first Hall of Fame - Bug Bounty


Pranav Patil

Hello cyber enthusiasts, I am Pranav Patil, a cyber security enthusiast and bug bounty hunter, currently in my final year of electrical engineering. I’m writing this blog very late after getting my first hall of fame. Apologies for any grammatical and spelling mistakes.

I started doing bug bounty in September 2023, after learning about OWASP, solving labs on TryHackMe, PortSwigger and PentesterLab, and reading many POCs for a year. Then I decided to do bug bounty seriously this time. I will share my small but frustrating bug bounty journey in another blog. After many duplicates, N/A and Informative reports, I finally got my first valid bug, which earned me a hall of fame listing on their website. So let’s get started.

I chose a self-hosted program with the help of Google dorks and started hunting on it. Let’s call it Redacted.com for privacy reasons. I did some recon on this program, like subdomain enumeration, then filtered out only the live subdomains. After visiting every subdomain manually, I decided to focus on one subdomain that looked like faqs.redacted.com. I always believe in manual hunting rather than automation tools. After trying for some hours I didn’t find anything there.

But before moving on to the next subdomain, I decided to try directory bruteforce on this one. So I started directory bruteforcing with the help of Gobuster. After some time I got some directories, but the most interesting was “/admin”. I got excited to test this. When I opened the endpoint I saw an admin login page. I tried to bypass it: I used common admin panel credentials, tried bruteforce, and also tried SQL injection attacks to bypass the login, but no luck in the end :(

At this point I was really frustrated and tired, but below the login panel there were social media icons linking to the program’s different social media accounts. So I started opening each social media link. But wait!! The program’s Twitter link led to a strange page: it was showing “No Account Found” :)

Then here comes the Broken Link Hijacking vulnerability. Broken Link Hijacking (BLH) is an attack in which the attacker takes over the resource behind an expired, stale or invalid external link on a trusted website, so that the site’s own link now points at something the attacker controls. For instance, a company may delete a social media account but leave the link to it on their website. The hijacker simply registers an account with the same username and posts something objectionable or runs phishing, posing as the company.

In the footer of the login panel there was a link to the program’s Twitter account, and that link was broken. As an attacker, I created a new Twitter account with the same username as the website’s Twitter page, just for testing purposes. Now when you clicked the Twitter icon on their website, it took you to a Twitter account controlled by me :) Impact of this bug: by registering the expired handle behind a broken social media link, an attacker can effectively deface the site’s social presence, replacing the company’s original content with malicious or offensive content, or phish the site’s visitors while posing as the company. This could lead to an erosion of the company’s reputation and customer attrition.
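To turn the manual check described above (opening every footer icon and looking for a “No Account Found” page) into something repeatable, here is a small added example of a broken-social-link checker. It is not the author’s tooling or the program’s code; the footer HTML, the host list, the “missing account” markers and the canned responses are all constructed for this example. It extracts outbound links to social platforms, fetches each one, and flags links that return 404 or a body containing a known “account does not exist” marker as hijack candidates.

```python
"""
Added example: a broken-link-hijacking (BLH) checker for social links in a page footer.
Not the author's tooling; sample HTML, host list, markers and fake responses are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import urllib.error
import urllib.request

# Hosts where an unclaimed handle can be re-registered by anyone (constructed, not exhaustive).
SOCIAL_HOSTS = {
    "twitter.com", "www.twitter.com", "x.com",
    "facebook.com", "www.facebook.com",
    "instagram.com", "www.instagram.com",
    "github.com", "www.github.com",
    "linkedin.com", "www.linkedin.com",
    "youtube.com", "www.youtube.com",
}

# Phrases platforms show for a missing account (constructed list, lower-cased for matching).
MISSING_MARKERS = (
    "this account doesn\u2019t exist",
    "this account doesn't exist",
    "no account found",
    "sorry, this page isn't available",
    "page not found",
)


class LinkExtractor(HTMLParser):
    """Collect every href from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def social_links(html):
    """Return hrefs whose host is a social platform; relative links are ignored."""
    parser = LinkExtractor()
    parser.feed(html)
    return [h for h in parser.links if urlparse(h).netloc.lower() in SOCIAL_HOSTS]


def http_fetch(url, timeout=10):
    """Fetch url over the network; returns (status_or_None, lower-cased body)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0 (blh-check)"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(200_000).decode("utf-8", "replace").lower()
    except urllib.error.HTTPError as e:
        return e.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def classify(status, body):
    """Map a response to 'broken' (hijack candidate), 'ok' or 'unreachable'."""
    if status == 404:
        return "broken"
    if status == 200 and any(marker in body for marker in MISSING_MARKERS):
        return "broken"
    if status is None:
        return "unreachable"
    return "ok"


def find_broken_social_links(html, fetch=http_fetch):
    """Return {href: verdict} for every social link found in html."""
    return {href: classify(*fetch(href)) for href in social_links(html)}


# Constructed footer resembling the admin login page described in the post.
SAMPLE_FOOTER = """
<footer>
  <a href="https://twitter.com/redacted_corp_old"><i class="fa fa-twitter"></i></a>
  <a href="https://www.facebook.com/redactedcorp"><i class="fa fa-facebook"></i></a>
  <a href="https://www.instagram.com/redactedcorp"><i class="fa fa-instagram"></i></a>
  <a href="/privacy">Privacy</a>
</footer>
"""

# Constructed responses so the example runs offline; drop fake_fetch to use http_fetch.
FAKE_RESPONSES = {
    "https://twitter.com/redacted_corp_old": (404, ""),
    "https://www.facebook.com/redactedcorp": (200, "<html>redacted corp official page</html>"),
    "https://www.instagram.com/redactedcorp": (200, "sorry, this page isn't available."),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (None, ""))


if __name__ == "__main__":
    for href, verdict in find_broken_social_links(SAMPLE_FOOTER, fetch=fake_fetch).items():
        print(f"{verdict:11s} {href}")
```

Two caveats before reporting anything a script like this flags: some platforms (X among them) render profile pages client-side, so a plain fetch may not show the “does not exist” text and the handle should be confirmed in a browser; and a missing account is only hijackable if the platform actually lets you register that exact handle, so register it (as the author did, for testing only) before claiming impact.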

I reported this to the program, and within 2 days they responded that they had resolved the issue and added my name to the hall of fame on their website. I know this was a really simple bug, but it had some impact, and it was my first valid bug, which gave me my first Hall of Fame.

Thank you for reading this blog. I’m releasing my next blog soon about “a bug I found which gave me admin panel access with some sensitive data leakage”. So do follow me for more cyber security, ethical hacking and bug bounty related topics, and stay tuned for the next blog :)

Follow me on Twitter/X

Connect with me on LinkedIn
