Hello all,
I got into bug bounty hunting after hearing inspiring stories here. Despite that, I kept encountering duplicate bugs. Then, one day, I stumbled upon a website using a Google dork that exposed customer databases, including order details and login credentials. I promptly reported this to the IT company based in Bengaluru, and they assured me of a bounty. However, after they fixed the issue, they stopped responding to my calls and emails.
After conducting a search on Google (Google dork) using the query “inurl: crms , /admin, .sql ”, I discovered a website at https://crms.redacted.com.
Upon exploring the directory, I encountered a significant amount of exposed information, including CRM data and a database SQL file. Upon opening the SQL file, I found numerous entries containing customer data, including login credentials and order details.
My question is, what should I do next? Consequently, I’ve stopped searching for security bugs on Indian sites because they have proven to be untrustworthy, failing to honor bug bounty promises despite assurances.