Hello, it's me, kimia. I am back again with some tips for my brothers and sisters. Without wasting time, let's get started. Some of you know me from my first writeup and some of you don't, so let me introduce myself again: basically I am an 18-year-old class 12th average student from West Bengal, India, and also a security researcher, or you can call me a noob hacker hehe.
So today's writeup is all for beginners, and if you are a pro hacker you can still read it to fix my errors and make a good one like you.
So when you are starting out, maybe you have submitted a lot of reports but got responses like N/A, Informative, Duplicate. Listen my boy, don't worry, your kimia bro is here to motivate you. So before giving you the tips, let me show you the state of my Bugcrowd reports till now.
So you may think damn, kimia is a pro. No, I am not. I am the same kind of guy as you, learning and trying to be better.
So here total accepted are 17, but the sad thing is 16 are P5 and one is P4, that is the NASA one,
and total duplicates are 37, and most of them are P3, P2, P4, but I got a total of 10 points from 2 reports: one is P2 informational and one P5 informational hehe.
So I will write another writeup about both of the bugs, but let's start talking about the tips.
One day I will get $10000 for sure.
Tips
1. N/A or Informative: So if you got N/A or Informative as a response, well, the reasons are:
a. Your bug doesn't have much impact on the target. Hmm, let's take an example: suppose you found a clickjacking vulnerability on a website which doesn't have a login panel or any other functionality, and all you can do is read a portfolio or a blog and nothing else, so the impact will be 0 there.
b. The second thing can be that you found a bug but failed to show its impact. Suppose you found an info leak where you found an API key of some service and you just reported "hey team, I found an API key". Man, to get a bounty you have to exploit it further and show them in a PoC which type of data or information you can get using that API key; then they will give you a good bounty. So don't be lazy, man. When you can stalk your ex or crush and wait for their messages or chat with them all day, instead of doing that, brother, go learn, hunt, exploit and earn money and be a skilled hacker.
2. Duplicate: Well, if you got a duplicate then congrats, your bug was valid but already reported by another guy, a hacker who is single and gives his time to learning instead of waiting for or texting a girl, so you should do the same and be a good hacker hehe.
Let's get back on point.
In this case what you can do is chain your bug with another bug. Suppose someone found an open redirect bug: if you report that, you are going to get a duplicate, but if you chain that open redirect with XSS or SSRF then you can get a bounty.
So that's all for today, see you soon,
and don't forget to DM me. Man, don't be shy, I am not your crush or ex. I am a good brother who is waiting for your DM, so we both will learn together and maybe your knowledge can help me a lot :)
https://www.instagram.com/kimia_exe_/