Hello!! This is my first article, and I really hope you enjoy it! Starting in June 2021, I began looking for issues on websites.
So, one day, after submitting many reports, some of which were accepted and some rejected, I was showing my sister the bug bounty and clicked on a website from my Google dork. Looking at its Hall of Fame, I said, “I can’t find bugs in these websites, which have already been tested by HOF people”, and while saying this I was running a tool called findomain-linux on https://grofers.com.
Enumerate subdomains of a target with findomain
This tool is just awesome and helps you find many subdomains. If your scope is *.domain.com, you should use findomain.
Then I saw that no website was hosted at https://offers.grofer.io and thought that it was vulnerable (I had seen the same images in other posts saying that it might be vulnerable). Then I tested the CNAME manually with the host and dig commands, and found that the domain pointed to Unbounce but no website was hosted there.
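As an added example (not from the original post), here is the manual host/dig check above turned into a small triage routine a team can run over its own DNS zone to spot dangling CNAMEs before someone else does. The provider fingerprints and the example.com records are constructed assumptions, and the dict lookups stand in for real DNS and HTTP queries.

```python
# Hosting services on which an unclaimed CNAME target can be registered by
# anyone. The "unclaimed page" fingerprints are assumptions for this example;
# confirm each against the provider's real response before relying on it.
PROVIDERS = {
    "unbouncepages.com": "The requested URL was not found on this server",
    "github.io": "There isn't a GitHub Pages site here",
    "herokuapp.com": "No such app",
}

def match_provider(cname_target):
    """Return the provider suffix a CNAME target belongs to, or None."""
    host = cname_target.rstrip(".").lower()
    for suffix in PROVIDERS:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None

def classify(name, cname_of, body_of):
    """Triage one hostname. cname_of(name) returns the CNAME target or None (as
    `dig +short CNAME` would); body_of(name) returns the HTTP body or None (NXDOMAIN)."""
    target = cname_of(name)
    if target is None:
        return "no-cname"
    suffix = match_provider(target)
    if suffix is None:
        return "cname-to-unknown-host"  # not a known takeover service; review manually
    body = body_of(name)
    if body is None:
        return f"dangling:{suffix}:nxdomain"  # target itself no longer exists
    if PROVIDERS[suffix] in body:
        return f"dangling:{suffix}:unclaimed"  # provider says nobody owns it
    return "claimed"

# Constructed sample data standing in for real dig/host and curl output.
SAMPLE_CNAME = {
    "offers.example.com": "offers-example.unbouncepages.com.",
    "old.example.com": "retired-app.herokuapp.com.",
    "docs.example.com": "acme.github.io.",
    "www.example.com": "example.some-cdn.net.",
    "mail.example.com": None,
}
SAMPLE_BODY = {
    "offers.example.com": "<h1>The requested URL was not found on this server.</h1>",
    "docs.example.com": "<html>Project documentation</html>",
    "www.example.com": "<html>Live marketing site</html>",
}

if __name__ == "__main__":
    for name in SAMPLE_CNAME:
        print(f"{name:22} {classify(name, SAMPLE_CNAME.get, SAMPLE_BODY.get)}")
```

To run it against a live zone, replace SAMPLE_CNAME.get and SAMPLE_BODY.get with functions that query your resolver and fetch the page.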
Then I registered there and hosted a website with my name and a template, and set the custom domain to https://offers.grofer.io.
Hosted and I was like,
Then I prepared a report with all of the information and mailed it.
I received a response from them two days later, following which I received communication from them once a week, once a month, and finally once a month, as my interest in finding bugs in other sites waned.
Finally, the issue was fixed, and a prize of INR 10,000 and swags was awarded.
Now that my interest is ignited, my mind wanders to the bugs even when I’m studying for examinations.
So, don’t feel bad if your reports are denied, and don’t think you won’t be able to find bugs on the most popular sites.
Thank you for reading the article to the end. I hope it will be useful for you and help you find more vulnerabilities! Feel free to ping me on Twitter!
I would like to thank all hunters and the Bug Bounty community! Write-ups and PoCs are essential to learn ❤