Hello everyone. My name is Anishka Shukla. I am a security researcher, penetration tester and bug bounty hunter. I am into penetration testing for about more than 2 years and started bug bounty hunting few months back.
I submitted my first bug in August, 2020 to TripAdvisor. Well, that was a P5 bug so didn’t get any points for that. I was just exploring bugcrowd platform at that time. After that, I submitted a lot of bugs but most of them were P5. Some were also P3 and P4 too but they were duplicate so didn’t get points for that either (bugcrowd new point system).
I was really sad due to the news of the covid and all that negativity that I didn’t do bug hunting the whole day but at night, I decided to do it.
As I was very familiar with dell so I thought to check that again and see if I could get some bug. I had all the recon data such as subdomains, parameters, waybackurls etc.
I checked the subdomains and thought to see if I could get some interesting or juicy information.
I opened dirsearch, given the url there and was waiting to see if I could get something interesting. After some time , I found some interesting endpoints which were giving me some interesting information which should have been hidden. So I immediately submitted the report to Bugcrowd.
Note — Make sure to search for the bugs on the subdomains as well.
Reported the bug on 22nd April 2020 but It was marked as duplicate. As it was marked as P2 bug so got 5 points for it. Someone reported the same bug just one day before. So that’s how I get it. Sometimes something good happen when you least expect it and that’s life :)
So, If you are someone who is just starting with your bug hunting journey, you will get a lot of duplicates and that is okay because it is just a part of learning. Make sure to never give up and keep learning. You will surely get your first valid bug :)
Thank you so much for reading :)