No bounty for a Facebook Bug that I reported.

11 months ago 81

Sanjay Pahari

First of all, let me clarify that I am not a professional bug hunter. I have some knowledge and experience in bug hunting, but I am not an expert.

I used to search for bugs on Facebook with the intention of earning a bounty. I was inspired by some hunters who received four-digit bounties as rewards from Facebook.

I started learning the basics of cybersecurity, and without much experience, I directly jumped into Facebook, where thousands of professional bug hunters were already in the race to find bugs. I knew I was definitely entering the competition with limited resources.

Despite my lack of knowledge and experience, I explored different domains of Facebook to increase my chances of finding a bug. I was familiar with the Burp Suite software, which is a valuable tool for bug hunters.

At that time, it was challenging for me to identify advanced bugs. I focused on finding simple bugs that were easily visible and didn’t require any additional software or programs.

Let me share one bug report out of the nine that I submitted to Facebook: Hidden/Deleted posts reappearing.

While searching for bugs, I was suddenly surprised to see a deleted post reappear on my profile. The post seemed to have been made seven years ago, which was quite strange. I found this bug by luck.

Here is a bug report that I sent to Facebook:

LoL, my writing was too bad.

Just go through the format:

Title:
Vulnerability Type:
Product Area:
Description/Impact:
Reproduction Steps:

You can now have a clear idea of how to write a bug report. These format guidelines will be visible when you visit the report form from the site: facebook.com/whitehat

Simply fill out the form clearly, and don’t worry about grammatical errors. You can write in the way I did, hehe, but make sure the bug is clearly described. Additionally, you can include a video link demonstrating the bug. Upload the video on YouTube as an unlisted video and provide the link in the report form.

Here is the reply to my bug report:

Sadly, 8 other reports along with this did not qualify for a bounty, but the walkthrough itself was quite interesting and fun.

If needed, I can disclose other bugs I found on Facebook.

After the rejection of the 9 bugs that I reported, I really felt demotivated but didn’t want to step away from this field.

Later, I again started taking courses and learned so many things about cybersecurity from the basics.

Still, I am not a cybersecurity professional, but I have got good knowledge about it from the walkthrough.

The cybersecurity field is truly fascinating and competitive too.
