My first bounty

Simple start

My first bugbounty was one that really surprised me. I am a cybercrime student so I'm used to 'heavy caliber' vulnerabilities like buffer overflow and code injection and as usual I was looking way to hard for something. Then, when I was so determent I was never gonna find something, I went to example.com and I tried some stupid things while I was eating at school with friends.

I tried example.com for 30 minutes and whilst playing around I found 2 things! There was improper access control and XSS.

Starting with the first one, I was able to continue on the website by deleting a div that asked me to log in... EASY RIGHT?!?!? I submitted this and later they responded that it was a duplicate XC damnit! This could have been my first bug bounty :c

But then the second one came around: I found that if you typed <script>alert(1)<script> in a search box, it was reflected somewhere on that page..... TADA easiest XSS ever! I immediately submitted this and 1 hour later they responded!

I was awarded a $100 bounty! I keep nagging them about pubicly disclosing the bug on hackerone because it is so easy and I want to encourage people to look for these things instead of going after the big ones.

So that's the story behind my very first bug bounty. From here on out I knew this was my fate and I continue on to this path until this day.....

TO BE CONTINUED...