How I Found My First High-Severity Bug and Got Rewarded with 3 Trays of Red Bull!
Hi there!😊
“Bug bounties are like treasure hunts for hackers — and sometimes, the reward comes in the form of energy drinks.” — A nice quote by our legend, ChatGPT.😎
After many failures, I want to share my first win in the bug bounty world, where I found a high-severity vulnerability, helped secure a major brand, and received an unforgettable reward.
The Unexpected Start
My boringgggggggg day😒 began as usual, nothing exciting… So, I started watching my favorite anime, Naruto. Meanwhile, an ad popped up on TV: “REDBULL GIVES YOU WINGS!”😶‍🌫️ That caught my attention, so I decided to check out their website.
I tried various tests like SQL injection, XSS, and so on. Surprisingly, I got bounced and my IP got blocked. After changing my network settings, I lazily attempted to sign up on the login page. Too lazy to open my Gmail or use a temporary email, I did something simple but powerful.
The Discovery
In the email field, I entered:
id@burp.collab.com
I set a basic password like 123456, submitted the form, and then polled my Burp Collaborator. To my surprise, I received an SMTP response:
groups=1002@burp.collab.com


For confirmation, I tried again:
In the email field: pwd@burp.collab.com

After submitting, I checked Burp and got another SMTP response, but this time with a file path:
/var/.../.../@burp.collab.com
I immediately reported the finding to the Red Bull security team, and they responded within an hour!
