When it comes to Bug Bounty, money is arguably the primary motivation for beginners in the cyber security field. Back when I was starting out, I just wanted to make money. And that’s what I believe most beginners are thinking as well. So, to not waste any more of your time, let’s dive into the statistics on how much money I made in 6 months of doing Bug Bounty!
Socials:
Instagram: @dead0verflow
Youtube: @deadoverflow
Email: ihusanovic@gmail.com
GView! Do you want to know when your emails are opened and how many times they have been opened? Well, now you can do that with GView! Get GView today using the link below. https://meowebstore.gumroad.com/l/g-view
I will only be covering a period of around 6 months in which I managed to find 8 different vulnerabilities and reported each respectfully. However, I will reveal a little secret on how I managed to find all of them, so stick around till the end to find out!
Out of all the vulnerabilities that I found, the one that made me the lowest amount of money was some stupid XSS on a local website. Basically, I found a really simple XSS and decided to report it to the business owner, so after the vulnerability was fixed I was rewarded with a total amount of $150.
The one that made me the most money was a logic bug on another pretty popular website in my country. Basically, you could take over any account via broken password reset logic without the victim ever knowing or having to do anything. I was rewarded for this one with the total amount being $12,300!
Other vulnerabilities varied between $500 and $2500 because I wasn’t really using traditional websites for Bug Bounty like HackerOne or Bugcrowd. I was rather trying to find vulnerabilities on local websites in my country because I knew it is easier to work on Bug Bounty like this, since there are no competitors outperforming me on these websites. Technically I was the only hacker trying to find vulnerabilities on those websites and, in that scenario, finding vulnerabilities is almost guaranteed.
So, to sum everything up, here is a table of how much money I made using my technique of hunting for bugs on local websites:
Broken password reset functionality | $2500
Broken password reset functionality | $12,300
Broken phone number verification | $500
Stored XSS | $1500
IDOR | $750
Reflected XSS | $150
Host header injection | $500
CSRF (a few days ago, actually) | $1200
Total: $19,400
To be honest, if I didn’t find the vulnerability that made me $12,300, I wouldn’t even go past $10k, but thanks to my skill, mostly hard work and a little bit of luck, I was able to make a decent amount of money through consistent and hard work in the last 6 months. Hopefully you will be inspired to hunt on local websites of yours instead of swimming in a pool of more experienced hackers, hoping you somehow stumble upon a bug.
Don’t forget to get yourself GView and thank you so much for your time, until next time, stay safe and continue hacking!