InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


How I Found My First 3 Bugs Within An Hour

Om Arora
Published in InfoSec Write-ups · 4 min read · Jul 27, 2023

Hey everyone, welcome to my blog. Today I am going to discuss how I found my first 3 bugs in .gov websites within 1 hour. So let's begin.

So like most other people, I was also stuck in a constant loop of learning and watching bug bounty videos but never actually going looking for vulnerabilities in actual websites. Even when I did, I tried finding them in websites where competition was high.

So one fine day I decided to pick a target and start hunting on it properly. As I knew it was hard finding bugs on paid programs, I started finding good VDPs, and then I came across NCIIPC, where we can report any bugs found in .gov websites and even possibly get hall of fame.

You can also try it out, as it has very little competition. Find more details about it at the following link:

https://nciipc.gov.in/RVDP.html

And to report a vulnerability you found, you can fill in the given form and mail it to them:

https://nciipc.gov.in/documents/Vulnerability_Disclosure_Form.pdf

So let's talk about how I found the bugs. As I was researching more about the NCIIPC and reading writeups about bugs found on .gov websites, I came across a writeup where the author found a broken Twitter link in a gov website. The bug is also called broken link hijacking.

What is Broken Link Hijacking?

Broken link hijacking is an attack that takes advantage of expired, unlinked, or inactive external links embedded in a web page. For example, if your website has a Twitter link whose username is not registered to any Twitter account, an attacker could register that username, and the link on your website would then point to the attacker's account.
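A site owner can audit their own pages for the condition described above. The following is an added example, not code from the original post or from any tool it mentions: it extracts external links from a page and flags the ones that should be updated or removed. The host list, the sample page and the status map are constructed assumptions; in real use the caller supplies the statuses from its own link checks.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts where the URL path names a user-registered account (assumed list).
SOCIAL_HOSTS = {"twitter.com", "x.com", "facebook.com", "instagram.com", "github.com"}

# Constructed sample page and check results; nothing here touches the network.
SAMPLE_HTML = """
<a href="https://www.example.gov/contact">Contact</a>
<a href="https://twitter.com/example_dept_old">Follow us</a>
<script src="https://cdn.expired-widgets.example/w.js"></script>
<a href="https://github.com/example-dept">Code</a>
"""
SAMPLE_STATUS = {  # URL -> HTTP status; None means the host did not resolve
    "https://twitter.com/example_dept_old": 404,
    "https://cdn.expired-widgets.example/w.js": None,
    "https://github.com/example-dept": 200,
}

class LinkCollector(HTMLParser):
    """Collect every href/src attribute value found in the page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)

def audit_external_links(html, own_host, status_of):
    """Return (url, reason) pairs for external links that need fixing."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if parts.scheme not in ("http", "https") or host == own_host:
            continue  # relative or same-site link: out of scope here
        status = status_of.get(url, "unchecked")
        if status is None:
            findings.append((url, "domain does not resolve; may be registrable"))
        elif status == 404 and host in SOCIAL_HOSTS:
            findings.append((url, "social handle not found; may be claimable"))
        elif status == 404:
            findings.append((url, "dead external resource"))
    return findings
```

Script sources on unresolvable domains deserve the highest priority, because whoever registers the domain controls code that runs on the page.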

So after I came across that writeup, I found that bug very interesting and, as a beginner, very easy to find. I wanted to automate it, so I started finding any tools to automate that.

Then I found a tool:
