How Much Was My First Bounty?🤑

AJAK Cyber Academy
2 min readJan 9, 2024


Hi, Ajak Amicos, welcome back to another blog. Today I will show you how much my first bounty was and walk through the report. Before starting, if you haven’t subscribed to our channel, do subscribe, guys. It carries content on cyber security, bug bounty, and digital forensics investigation.👇

Follow our Youtube Channel: @ajakcybersecurity (354 Videos)

Follow on Instagram: @ajakcybersecurity

What is my first bug?

My first bug was an Insecure Direct Object Reference (IDOR), a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly, without checking that the requester is allowed to act on that object. The term IDOR was popularized by its appearance in the OWASP Top Ten 2007. IDOR vulnerabilities are most commonly associated with horizontal privilege escalation (acting on another user’s data at the same privilege level, which is what happened in this report), but they can also lead to vertical privilege escalation.

Title: IDOR

Impact: Can Unsubscribe newsletter of any email of REDACTED: organisation.

Steps to reproduce:

  • Register and log in with your credentials.
  • Enter your email address in the newsletter sign-up to receive further updates.
  • Open the mail sent by Redacted.com and click the unsubscribe link. You land on a URL with the following parameters:
    https://Redacted.com/account/en-GB/unsubscribe/confirmation?a=a3a4b8d7-94fe-4c73-ba3
  • Before clicking the unsubscribe button, turn on Burp Suite, capture the request, and check the GET and POST parameters for anything that identifies the user, such as a name or an email address.
  • In my case it was a GET request:
    https://Redacted.com/account/en-GB/unsubscribe/confirmation?a=a3a4b8d7-94fe-4c73-ba32-b25c&e=attacker@gmail.com
  • Change the email address attacker@gmail.com to victim@gmail.com and forward the request. The victim’s address was unsubscribed: the server acted on the e= parameter from the request rather than on the subscription the a= token was issued for.
  • With this vulnerability, anyone holding a valid unsubscribe link can unsubscribe any email address from the newsletter. I reported the bug to the organisation, and they paid a bounty of €50.00 (about 5,000 INR).
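To make the root cause and the fix concrete, here is an added example that is not the author’s report or the target’s code. It models the unsubscribe endpoint in plain Python with an in-memory store: the vulnerable handler checks only that the a= token exists and then unsubscribes whatever e= names, while the fixed handler looks up the email the token was issued for and refuses a request whose e= does not match it. The host name, the store and the demo addresses are constructed for the example.

```python
# Added example (not the target's or the author's code): a minimal model of the
# unsubscribe endpoint from the report, first with the IDOR and then fixed.
# BASE_URL, the in-memory store and the e-mail addresses are assumptions.
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs
import hmac
import secrets

BASE_URL = "https://redacted.example/account/en-GB/unsubscribe/confirmation"  # hypothetical


@dataclass
class NewsletterStore:
    """In-memory stand-in for the newsletter database (constructed for the example)."""
    subscribed: dict                            # email -> True while subscribed
    tokens: dict = field(default_factory=dict)  # unsubscribe token -> email it was issued for

    def issue_link(self, email: str) -> str:
        """Build the one-click unsubscribe link that goes into the newsletter mail."""
        token = secrets.token_urlsafe(24)
        self.tokens[token] = email
        return f"{BASE_URL}?a={token}&e={email}"


def _params(url: str) -> tuple:
    """Return the (a, e) query parameters, empty strings when absent."""
    q = parse_qs(urlsplit(url).query)
    return q.get("a", [""])[0], q.get("e", [""])[0]


def unsubscribe_vulnerable(store: NewsletterStore, url: str) -> bool:
    """The behaviour in the report: a= only has to be a known token, and the
    address that gets unsubscribed is whatever e= says."""
    token, email = _params(url)
    if token not in store.tokens:
        return False
    # BUG: e= is a client-controlled reference to another user's object and is
    # never checked against the token's owner, so any token unsubscribes anyone.
    if store.subscribed.get(email):
        store.subscribed[email] = False
        return True
    return False


def unsubscribe_fixed(store: NewsletterStore, url: str) -> bool:
    """The token decides whose subscription is affected; e= may only agree
    with it, never select a different address."""
    token, email = _params(url)
    owner = store.tokens.get(token)
    if owner is None:
        return False
    if not hmac.compare_digest(owner.encode(), email.encode()):
        return False
    store.subscribed[owner] = False
    del store.tokens[token]  # single use: the link cannot be replayed
    return True


def run_demo() -> dict:
    """Replay the report's tampering step (swap e= to the victim) against both handlers."""
    results = {}
    for name, handler in (("vulnerable", unsubscribe_vulnerable), ("fixed", unsubscribe_fixed)):
        store = NewsletterStore({"attacker@example.com": True, "victim@example.com": True})
        own_link = store.issue_link("attacker@example.com")
        tampered = own_link.replace("e=attacker@example.com", "e=victim@example.com")
        accepted = handler(store, tampered)
        results[name] = {
            "tampered_request_accepted": accepted,
            "victim_still_subscribed": store.subscribed["victim@example.com"],
            "own_link_works": handler(store, own_link),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The same pattern covers most IDOR fixes: the server-side record that the credential (here the token) points to is the authority for which object gets touched, and any object identifier that also arrives from the client is validated against it instead of being used directly.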


I hope you learned something from this blog. If so, kindly press that follow button for further updates. Best wishes from Ajak Cybersecurity.❤️

“கற்றவை பற்றவை🔥” (“Hold on to what you have learned”)

Learn Everyday, Happy Hacking 😁🙌

https://www.buymeacoffee.com/Ajak

Join Medium Membership via My referral😁👇

https://medium.com/@ajaksecurity/membership



Written by AJAK Cyber Academy

🚀 E-Learning Cybersecurity Platform🚀 Security Researcher @UK|| DFIR Consultant||Youtuber|| Instructor|| Blogger || https://ajakcyberacademy.com/
