March 14, 2020 · Bug Bounty Thoughts
Week 3 - Testing new targets
| Task/day | Bug bounty Programs |
| hackerone, private program * 1, line android app + web app * 1 | 1 * low => h1 |
| shopify | 1 * low => h1 |
| shopify | 2 * low => h1 |
| learning + shopify ssrf testing | / |
| shopify ssrf + race condition testing | 1 * med => h1 |
| shopify idor + ssrf + permission testing | / |
| Reports | Hackerone | Bugcrowd | Private Programs |
| P1-P2 | 2 | 1 | 1 |
| P3 | 2 | 0 | 0 |
| P4-P5 | 17 | 5 | 1 |
| Duplicated | 9 | 2 | 0 |
| Pending | 1 | 0 | 0 |
| Triaged | 4 | 0 | 0 |
Total paid bounty $ 1,828 USD (+500)
Pending bounty $ 4,500 USD
Focus on high-value targets, look for database dumps.
Don't work on small goals; they don't pay much and are very time-consuming. Try to hit the jackpot instead of working on 10x small goals.
Dig very, very deep instead of fast scanning all targets.
There are lots of scanners that do a better job than you at basic scanning. If you need to find something very valuable, you need to dig very, very, very, very deep.