How I Unlocked a $5,000 Payday by Hacking a Billion-Dollar App’s Weakest Link

2 weeks ago 44

How I used subdomain enumeration and IDOR to earn $5,000 in bug bounty hunting — step by step

Ibtissam Hammadi

“I never thought I’d find a vulnerability worth $5,000 in just a few hours of hacking — but here’s how I did it.”

This wasn’t just any bug — it was the weakest link in a billion-dollar app. Imagine uncovering a flaw so critical that it could expose sensitive data for thousands of users. That’s exactly what happened, and it earned me a $5,000 payday.

Why does this matter? Because it shows that anyone with the right mindset and tools can succeed in bug bounty hunting. Let me take you through my journey, step by step.

Who Am I?

I’m a part-time bug bounty hunter who loves uncovering hidden app flaws. I’m not a full-time hacker or a cybersecurity expert — just someone who enjoys the thrill of the hunt.

The Target

My target was a billion-dollar ticket-booking app on HackerOne. It’s a massive platform used by millions of people worldwide, making it a prime candidate for vulnerabilities.
