Career update:
Started my journey as a Software Engineer, based somewhere in Western India.
Putting bug hunting on pause until I am all settled.
Let’s go!
#BugBounty#SoftwareEngineering
From thinking it would be my first Critical, to getting triaged with P3 priority.
I requested an RAR, mentioning the critical impact — but it still stayed at P3.
Later on, even the P3 severity got cleared. 😇
What's going on? 😁 @4non_Hunter@codingo_#bugbounty
@Masonhck3571@4non_Hunter@codingo_ Yes, even if it wasn’t considered Critical, it should have at least stayed at High or P3.
Moving it from P3 to None after triage is demotivating.
From thinking it would be my first Critical, to getting triaged with P3 priority.
I requested an RAR, mentioning the critical impact — but it still stayed at P3.
Later on, even the P3 severity got cleared. 😇
What's going on? 😁 @4non_Hunter@codingo_#bugbounty
Any help would be appreciated!
I found a vulnerable endpoint from an error that (error) was later resolved -- luckily, I had saved it in Notepad before it disappeared. The endpoint (which I got from that error) is still exploitable and reproducible.
@4non_Hunter@tabaahi_
@fwrnr@tabaahi_ This isn't spoofing at all.
The SMS is sent directly through the company’s official AWS API Gateway(unauthorized), charged to their real SMS provider account, and delivered using their verified number.
The impact is real.
Yet, it went from P3 -> None. 🤔
@fwrnr@tabaahi_ My case is different from what you have mentioned.
1. I can send SMS via official backend and real API.
2. Delivered using company’s real servers and numbers.
3. Company gets charged for every SMS sent.
4. Full phishing, and financial fraud under company’s name.
@tabaahi_@fwrnr I mean that attacker can send any message/link/otp, to any phone number, impersonating the company without any authentication or restriction.
Anyway, but P3->None is not making any sense!
@4non_Hunter@tabaahi_ Yes, I am able to fully control the message body including inserting my own payment link instead of the company’s original link.
I could direct customers to any fake payment link under my control, resulting in financial loss to the users and the company.
I contacted @BugcrowdSupport but they said only an ASE can confirm. Is this a valid submission? Will it be triaged? ID: {efbfe696-12ab-4a61-82c1-8e44b26b22db} I tried looking for Bugcrowd's policy on this but found nothing. @codingo_@Bugcrowd
Waiting curiously.
Any help would be appreciated!
I found a vulnerable endpoint from an error that (error) was later resolved -- luckily, I had saved it in Notepad before it disappeared. The endpoint (which I got from that error) is still exploitable and reproducible.
@4non_Hunter@tabaahi_
I can send messages to any number on their behalf.
The system uses the same endpoint to send OTPs for verification purposes.
I even confirmed it using a real mobile number and successfully received the customized messages.
My first critical? Waiting eagerly!!!
#bugbounty
You don’t need to be the best. You just need to be better than you were yesterday. Keep pushing. Remember, every expert in any domain was once a beginner.
Alhamdulillah guys
Just got $400 for an IDOR vulnerability that exposed customer PII.
Feeling good and learning new things every day.
What an incredible learning experience and a great start to this journey!
#BugBounty