InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/


How I Got an Appreciation Letter from NASA for Finding a Simple Bug

Om Arora
Published in InfoSec Write-ups · 3 min read · Aug 23, 2024


So this is a story from when I started Bug Bounties about a year ago, when I posted my first blog “How I found 3 bugs in an hours” which went viral.

One day, while scrolling through LinkedIn, I stumbled upon a post from someone in the cybersecurity community who proudly shared an appreciation letter they had received from NASA. Without a second thought, I looked up NASA’s bug bounty program to understand the scope of their testing environment.

I followed the recon process detailed in one of my earlier blogs, which included finding the subdomains, using aquatone, filtering the interesting subdomains, etc., and made a mind map.

Google Dorking: The First Breakthrough

Then I decided to start with Google Dorking, and began by looking for "index of" pages:

site:site.com intitle:index.of

After some time I found two websites with index pages exposed. This is part of the report:

I was very happy to find this even though it is a very small bug because I was just starting out in bug bounties back then.

Uncovering a Broken Link Hijacking Bug

I continued my search for vulnerabilities. This time, I employed a tool called SocialHunter, which crawls websites to find broken social media links that can be hijacked. Broken link hijacking occurs when a website still links to an external resource that no longer exists and an attacker claims that resource, potentially redirecting users to malicious sites.

With this I also found a broken link hijacking bug in one of the NASA websites, so I created a report with all of these and submitted it immediately.
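A site owner can run the same kind of check over their own pages to find dead social links and fix them before anyone else claims the handle. The Python below is an added example, not code from the original post or from SocialHunter; the host list, the sample pages on example.org and the canned status function are constructed assumptions, and in real use `fetch_status` would wrap an HTTP client.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts whose path identifies a profile (assumed list; extend as needed).
SOCIAL_HOSTS = {"twitter.com", "x.com", "facebook.com", "instagram.com", "github.com"}

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def social_links(html):
    """Return (profile_key, url) for each outbound social profile link."""
    collector = LinkCollector()
    collector.feed(html)
    found = []
    for url in collector.links:
        parts = urlparse(url)
        host = (parts.hostname or "").lower().removeprefix("www.")
        path = parts.path.strip("/").lower()
        if parts.scheme in ("http", "https") and host in SOCIAL_HOSTS and path:
            found.append((f"{host}/{path}", url))
    return found

def audit(pages, fetch_status):
    """pages maps page URL -> HTML; fetch_status(url) returns an HTTP status.
    404/410 is only a hint: some platforms answer 200 for missing profiles."""
    cache, findings = {}, []
    for page_url, html in pages.items():
        for key, url in social_links(html):
            if key not in cache:  # one request per distinct profile
                cache[key] = fetch_status(url)
            if cache[key] in (404, 410):
                findings.append({"page": page_url, "link": url, "status": cache[key]})
    return findings

# Constructed sample: two pages of a hypothetical site and canned statuses (no network).
CONSTRUCTED_PAGES = {
    "https://example.org/": '<a href="https://twitter.com/ExampleOrg">X</a>'
                            '<a href="https://www.facebook.com/example-old-page">FB</a>',
    "https://example.org/team": '<a href="https://facebook.com/Example-Old-Page/">FB</a>'
                                '<a href="/about">About</a><a href="https://github.com/">GH</a>',
}
def constructed_status(url):
    return 404 if "example-old-page" in url.lower() else 200
```

Calling `audit(CONSTRUCTED_PAGES, constructed_status)` reports the dead Facebook link once per page that carries it, while requesting each distinct profile only once.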


Written by Om Arora

A 20yo Cyber Security Enthusiast currently pursuing Btech 3rd year. Email: omarora1603@gmail.com, linktr.ee/om1603. Want to sponsor my content? Let’s collaborate!
