$50K Bounty Just for a GitHub Access Token Exposure
This vulnerability can earn a bounty of thousands of dollars just for finding a key

Hi Hackers, welcome back to another of my articles. Do you ever think about a $50K bounty? If you got one, how would you spend it? Tell me in the comments.
Let's see how he got this $50K bug bounty. I saw a report on HackerOne that showed a $50,000 bounty. I read it and tried to understand it; it is a very simple report, and you can find the same kind of vulnerability on other targets.
First, let's see how he found this vulnerability at Shopify.
He was reviewing an Electron app made by one of Shopify's employees. After extracting the app.asar file with npx asar extract path/to/app.asar extracted/path, he found a .env file, and that .env file contained a GH_TOKEN variable, which is a GitHub token. He tried it against the GitHub REST API with curl -H "Authorization: token $GH_TOKEN" -H "Accept: application/vnd.github.v3+json" https://api.github.com/user and saw that the token was valid. He then called the /user/orgs endpoint and got back the Shopify organization, and then /orgs/shopify/repos to confirm the token's scope: it returned a list of both public and private Shopify repositories with "permissions": {"admin": false, "push": true, "pull": true}. So the token was exploitable and gave him push access to private repositories.
How Can You Find This Vulnerability in Your Target?

During the information gathering phase, you need to focus on sensitive information. Let's go through the steps:
Step 1: Choose the target.
Step 2: Go to GitHub, or use an automation tool, to look for sensitive files such as .env files, hardcoded credentials, API keys, etc.
Step 3: If you get this kind of data, then try to exploit it.
Step 4: Try to access their sensitive data and gain access.
Step 5: Make a video POC and write a detailed report so that you can show the risk clearly.
Using the steps above, you can earn top bug bounties.
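On the defending side, the leaked .env file in the Shopify report and the "look for sensitive files" step above both come down to the same check: scan an extracted app bundle for .env files and GitHub-format tokens before it ships. This is an added example written for this article, not the reporter's or Shopify's tooling; the sample bundle and its GH_TOKEN value are constructed and fake.

```python
import re
import tempfile
from pathlib import Path

# GitHub's current token formats carry a recognisable prefix and a fixed-length
# body (ghp_ personal, gho_ OAuth, ghu_/ghs_ app, ghr_ refresh).
GITHUB_TOKEN_RE = re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36})\b")
# .env keys that usually hold secrets, whatever format the value has.
SENSITIVE_KEY_RE = re.compile(
    r"^(?:export\s+)?([A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Z0-9_]*)\s*=\s*(.+)$")
SKIP_DIRS = {"node_modules", ".git"}

def mask(value):
    """Keep only a short prefix so the report itself never re-leaks the secret."""
    value = value.strip().strip('"').strip("'")
    return value[:8] + "..." if len(value) > 8 else "***"

def scan_bundle(root):
    """Return (relative_path, kind, masked_value) for every finding under root."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file() or SKIP_DIRS & set(path.parts):
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        rel = str(path.relative_to(root))
        if path.name.startswith(".env"):
            # A .env file inside a shipped bundle is a finding on its own.
            for line in text.splitlines():
                m = SENSITIVE_KEY_RE.match(line.strip())
                if m:
                    findings.append((rel, "env:" + m.group(1), mask(m.group(2))))
        for tok in GITHUB_TOKEN_RE.findall(text):
            findings.append((rel, "github_token", mask(tok)))
    return findings

def build_sample_bundle():
    """Constructed extracted-app tree with a fake GH_TOKEN (not a real token)."""
    root = Path(tempfile.mkdtemp(prefix="asar_"))
    (root / ".env").write_text("NODE_ENV=production\nGH_TOKEN=ghp_" + "A" * 36 + "\n")
    (root / "main.js").write_text("const cfg = require('dotenv').config();\n")
    return str(root)

if __name__ == "__main__":
    for rel, kind, shown in scan_bundle(build_sample_bundle()):
        print(f"{rel}: {kind} -> {shown}")
```

Run it against the output directory of npx asar extract; any finding means the bundle must not ship and the token must be revoked.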
Don't forget to follow me here for more bug bounty tips and tricks.