Information Disclosure: Story of 500€ + 400$ Bounty


V3D

Hi, Fellow Hunters, Ram Ram Bhyi Sarya Ne,

Hope you are doing well and taking care of your health, this side V3D.

I am writing a write-up of one of my findings.

Issue: Information Disclosure of customers' invoices and customers' emails

Note: These are private Bug Bounty Programs, so I can't disclose the program names; let's refer to them as REDACTED.COM.

Without any further ado… Let’s Start…

One of my friends Virdoexhunter told me about this website https://otx.alienvault.com. Here OTX stands for (Open Threat Intelligence); it is a platform used by security researchers and threat data producers to share research and investigate new threats.

How to use this website?

Just navigate to https://otx.alienvault.com/indicator/domain/target.com, replacing target.com with your target website.
You can find a lot of information about your target here, but there is also an “Associated URLs” option; opening it reveals a lot of information and endpoints.

1st Case of 500€ Bounty:
When I started testing on my target I used OTX. I navigated to https://otx.alienvault.com/indicator/domain/target.com and then went to the “Associated URLs” option; there I found 50+ of my target company's customer invoices. I downloaded all the invoices and reported them to my target company, and they awarded me a 500€ bounty.

2nd Case 200$+200$ Bounty:
Similar to the 1st case, I started testing on my 2 target companies and also used OTX for them. When I navigated to https://otx.alienvault.com/indicator/domain/target.com and then to the “Associated URLs” option, I found the companies' 400+ customer emails (200+ each); their customers are big MNC companies. I reported this to my target companies and they rewarded me with a 400$ (200$+200$, one for each) bounty.

Currently, OTX is showing 0 results under “Associated URLs”, but you can use the API request below:
https://otx.alienvault.com/api/v1/indicators/domain/target.com/url_list?limit=100&page=1
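As an added example (not code from the original post), the script below pages through the url_list endpoint above for a domain you own and flags any indexed URLs that look like customer documents, so exposures can be reviewed and taken down. The response keys url_list and has_next, and the sample pages, are assumptions made for the example.

```python
"""Page through the OTX url_list endpoint and flag URLs that look like
customer documents. Added example; response field names are assumed."""
import json
import re
import urllib.request

OTX_URL_LIST = ("https://otx.alienvault.com/api/v1/indicators/domain/"
                "{domain}/url_list?limit={limit}&page={page}")
# Path fragments that warrant review when they appear in a public index.
SENSITIVE = re.compile(r"invoice|receipt|statement|export|\.csv|\.xlsx|\.pdf|email", re.I)


def fetch_page_http(domain, page, limit=100):
    """Real fetcher: GET one page of the url_list endpoint as parsed JSON."""
    url = OTX_URL_LIST.format(domain=domain, page=page, limit=limit)
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def collect_urls(domain, fetch_page, max_pages=50):
    """Walk pages until has_next is false (assumed key) and return every URL."""
    urls = []
    for page in range(1, max_pages + 1):
        data = fetch_page(domain, page)
        urls.extend(e["url"] for e in data.get("url_list", []) if "url" in e)
        if not data.get("has_next"):
            break
    return urls


def flag_sensitive(urls):
    """Return the de-duplicated subset of URLs matching a sensitive pattern."""
    seen, flagged = set(), []
    for u in urls:
        if u not in seen and SENSITIVE.search(u):
            seen.add(u)
            flagged.append(u)
    return flagged


# Constructed sample pages mimicking the endpoint's shape (not real data).
SAMPLE_PAGES = {
    1: {"url_list": [{"url": "https://redacted.com/"},
                     {"url": "https://redacted.com/files/invoice-1042.pdf"}], "has_next": True},
    2: {"url_list": [{"url": "https://redacted.com/export/customers.csv?token=abc"},
                     {"url": "https://redacted.com/about"}], "has_next": False},
}


def fetch_page_sample(domain, page):
    """Offline fetcher that serves the constructed pages above."""
    return SAMPLE_PAGES.get(page, {"url_list": [], "has_next": False})


if __name__ == "__main__":
    for u in flag_sensitive(collect_urls("redacted.com", fetch_page_sample)):
        print(u)
```

Swap fetch_page_sample for fetch_page_http to run against the live endpoint for your own domain.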

Also, you can use the GAU tool, which fetches its results from https://otx.alienvault.com; you can find it here: GAU

Hope you find this write-up helpful.

Hope you learned something new. If you like the write-up give it a clap and follow me on Twitter V3D
