How I got my first bounty

The journey from duplicates, P5, NA and out-of-scope reports to a valid P4 bug was really challenging. I made a lot of mistakes, corrected them, learnt from them and finally I was able to find a bug on a private program.

I had accepted invites to a few private programs on Bugcrowd, so I thought of hunting on one of these programs.

In the program, just a few websites were in scope, so I opened a website, checked which technologies the website was using and found that it was a WordPress site, so I knew which bugs I needed to hunt for on it. But before doing that, I thought of doing some recon. I opened dirsearch, gave it the URL and got some really interesting information.

Within a few minutes, I got a few files which were revealing user information. So I submitted a report of the findings, and the bug got triaged within 2 days. I was really happy because that was my first valid (non-duplicate) bug.

And today, I got the email about the bounty. I was extremely happy to find a valid bug after so long.

Be patient, keep learning and keep hunting; you will surely get the bugs :)



Security Researcher | Bug Bounty Hunter | Trainer | Pentester
