March 5, 2020 · Bug Bounty Thoughts
Week 2 - Found something interesting
Overall Results
| Task/day | Bug bounty Programs |
|---|---|
| Android private program, Kiwi Android apps, Netflix recon, NordVPN DNS scanning | found 2 vul, submit to h1, Google |
| bug bounty on Uber, Comcast | found 2 vul, submit to h1, Bugcrowd |
| bug bounty on Cisco, Google | found 1 vul, submit to Cisco |
| bug bounty on Cisco, Netflix, Starbucks, YouTube | found 1 vul, submit to Bugcrowd, resubmit 1 issue |
| bug bounty on Starbucks | found 1 vul, submit to h1 |
| Reports | HackerOne | Bugcrowd | Private Programs |
|:---|---:|---:|---:|
| P1-P2 | 1 | 0 | 0 |
| P2-P3 | 1 | 0 | 0 |
| P4-P5 | 13 | 5 | 1 |
| Duplicated | 8 | 2 | 0 |
| Pending | 2 | 1 | 1 |
| Triaged | 4 | 0 | 0 |
Total paid bounty $ 1,328 USD
Pending bounty $ 1,000 USD
Thoughts
Avoid any Verizon bug bounty program.
- There are already too many hunters, and they don't pay well under the new program rules. (I submitted a few issues; some of those they fixed and are not paying for, and some are low vul issues that they are not paying for either.)
Small-scope private and new programs are a good place to start.
- Like only 1 website + a few CRUD apps.
- But don't spend too much time on them, because usually there is not much attack surface to test.