First Bug report as a beginner in Bug Bounty
Hi,
This is my first bug reported in hackerone, i am writing this on own with my English no AI involved š
I donāt think people are interested in my journey, donāt worry i will make it very simple, during my engineering (2104ā2018) i was very much interested in bug hunting and hacking stuff but i donāt know where to learn what to do, i keep on regretting for not learning or starting this journey, finally after 6,7 years i started it now (2024) and yeah found my first bug, itās a VDP program so no bounty just thanks š« but yeah as a beginner it is a great achievement šŗ
Letās jump into issue, i started exploring the opportunities in hackerone and found a VDP program.
And downloaded their scope and extracted all the domains.
- i used subfinder and assetfinder to get the subdomains
- Used httpx to check those subdomains working or not
- My first search is for any subdomain takeover vulnerability
- I used tools like subzy and subjack and found a subdomain mapped to heroku.
- I created a heroku app and added that unclaimed subdomain to my heroku app
- And successfully taken subdomain.
Thereās a twist here, i will explain it once the issue is resolved.
I reported it and still it is in new state , not yet fixed. Waiting for them to reply. Once i got the update i will update the post here with more details.
Thanks for now ā¤ļø