How I Made $3000 in Bug Bounty from $0.65 Invested

Introduction

Bug bounty hunting can sometimes yield unexpected results.

When I first tested a domain registrar’s website, I found a few vulnerabilities. However, I wondered how many people actually bought a domain to push testing further. I spent $0.65 on a domain, which led me to discover two XSS vulnerabilities and one SQL injection. This small investment turned into a $3000 payout.

In this article, you will learn:

• How a minimal investment can yield significant results.
• The importance of exploring deeper in bug bounty hunting.
• Real-life examples of vulnerabilities discovered.

Let’s dive into the details.

Don't forget to check out my project on my hacking notes. — -> https://www.hacking-notes.com/

The Initial Exploration

My bug bounty journey began with a well-known domain registrar’s website. Like many bug bounty hunters, I started by performing a reconnaissance of the site, mapping out its structure, and looking for common vulnerabilities. Initially, my findings were minimal. The website seemed to have decent security measures in place, but after a few days of testing, I didn’t discover anything noteworthy.

It was frustrating, but I knew that the most rewarding discoveries sometimes come after persistent effort and creative thinking. I decided not to give up and to look for a new angle of approach.

The Investment

In bug bounty hunting, creativity and persistence often pay off. After some contemplation, I realized that buying a domain could unlock more testing potential vectors. This would allow me to access features and functionalities that weren’t available to non-customers. The cost of a domain was only $0.65, a very small price to pay for the possibility of uncovering significant vulnerabilities.

I decided to go for it. By making this small investment, I gained access to a customer dashboard and additional features, opening up a new realm of possibilities for testing.

Discovering Vulnerabilities

With my new domain, I began exploring the customer dashboard and its associated features. The decision to invest in a domain quickly proved worthwhile.

XSS Vulnerability 1: The first vulnerability I discovered was a Cross-Site Scripting (XSS) issue in the domain transfer function. I could execute arbitrary JavaScript code by injecting a script into the transfer URL. This allowed me to take over users' accounts logged into the website simply by sending them a malicious link.

XSS Vulnerability 2: The second XSS vulnerability was found in a parameter that was being reflected on a page. Similar to the first, it allowed for the injection of malicious scripts. This vulnerability was particularly dangerous because it also allowed for account takeover by sending a crafted link to a logged-in victim.

SQL Injection: The most critical vulnerability I discovered was an SQL injection in the domain search functionality. By manipulating the input parameters, I could execute arbitrary SQL commands. This vulnerability could expose sensitive data, modify database contents, or even take control of the entire website’s backend. The severity of this vulnerability made it a high-value find.

After discovering the initial vulnerabilities, the motivation I regained from finding them drove me to continue my search. Over the course of one month, this renewed enthusiasm led to the discovery of six additional bugs, including both stored XSS and other XSS vulnerabilities. I’ll write a separate blog post to explore the most interesting and critical of these new findings in more detail.

Reporting and Rewards

Reporting these vulnerabilities to the domain registrar was a straightforward process. I provided detailed descriptions, reproduction steps, and potential impacts for each vulnerability. The company responded promptly and acknowledged the critical nature of the issues I had found.

The rewards were significant. For the 9 bugs, I received a grand total of 3000$. In total, my $0.65 investment turned into a $3000 payout.

Lessons Learned and Tips for Bug Bounty Hunters

This experience taught me several valuable lessons:

1. Small Investments Can Yield Significant Results: A minimal financial investment can unlock new testing opportunities and produce substantial rewards.
2. Persistence and Creative Thinking Are Key: Don’t give up after initial setbacks. Approach the target from different angles and think outside the box.
3. Explore Beyond the Obvious: Sometimes, deeper exploration and accessing additional features can reveal hidden vulnerabilities.

For other bug bounty hunters, I recommend considering small investments that might open up new testing opportunities. Always approach your target with persistence and creativity, and don’t be afraid to explore beyond the obvious functionalities.

Don’t forget to check out my Hacker Roadmap project. — -> https://www.hacking-notes.com/hacker-roadmap

Conclusion

To summarize, my $0.65 investment led to the discovery of significant vulnerabilities, resulting in a $3000 reward. This experience highlights the importance of persistence, creativity, and digging into bug bounty hunting. Small investments can yield significant results, and thorough testing can uncover valuable vulnerabilities.

As a natural next step, consider exploring more advanced bug bounty techniques or investing in additional tools to enhance your testing capabilities. The world of bug bounty hunting is full of opportunities for those who are willing to dig deeper and think creatively.