Heyy everyone, with this blog post I wanted to share that I got my first bug bounty on the LinkedIn BBP on HackerOne, and to share a tool I wrote that could be helpful for beginner bug hunters or pentesters. Sadly I can’t share details about the report: even though some months have passed, I didn’t get a response to my disclosure request (but I lately noticed that I had to use the option “request disclosure”). But anyways, it’s always good to share good news; you can check that in my account. The bug gave me the ability to see the phone number of any LinkedIn user by providing the email address of the user. Sadly I can’t disclose more than this (I basically said the title haha).
And about the tool I wrote: I wrote it especially for finding GET parameters whose values may get reflected. You can find the tool here (I made the tool long before this post).
Okay thanks for reading, that’s all )
I will try being more active here. Also, spoiler: I’ve found another medium bug, again in an H1 managed platform, a rate limit bypass in the login mechanism. The platform is big and well known, but idk why they don’t wanna accept my report, and at first it got marked as a duplicate of a bug unresolved for 3 years lol, like what the hell man? You got a medium severity bug and didn’t fix it for 3 years? It’s crazy guys, I wish nobody has this kind of bad experience, especially when you know 100 percent that your findings are exploitable and eligible. Ah whatever, I wanted a small spoiler but told a whole story lol.
See ya 👋