First Bug report as a beginner in Bug Bounty

Manikanta G
1 min readOct 7, 2024

--

Hi,

This is my first bug reported in hackerone, i am writing this on own with my English no AI involved šŸ™ƒ

I donā€™t think people are interested in my journey, donā€™t worry i will make it very simple, during my engineering (2104ā€“2018) i was very much interested in bug hunting and hacking stuff but i donā€™t know where to learn what to do, i keep on regretting for not learning or starting this journey, finally after 6,7 years i started it now (2024) and yeah found my first bug, itā€™s a VDP program so no bounty just thanks šŸ«  but yeah as a beginner it is a great achievement šŸ•ŗ

Letā€™s jump into issue, i started exploring the opportunities in hackerone and found a VDP program.

And downloaded their scope and extracted all the domains.

  1. i used subfinder and assetfinder to get the subdomains
  2. Used httpx to check those subdomains working or not
  3. My first search is for any subdomain takeover vulnerability
  4. I used tools like subzy and subjack and found a subdomain mapped to heroku.
  5. I created a heroku app and added that unclaimed subdomain to my heroku app
  6. And successfully taken subdomain.

Thereā€™s a twist here, i will explain it once the issue is resolved.

I reported it and still it is in new state , not yet fixed. Waiting for them to reply. Once i got the update i will update the post here with more details.

Thanks for now ā¤ļø

Manikanta G

--

--

No responses yet