OAuth Misconfig — Leads to Account Takeover
Hello Infosec Community,
This is my first writeup, for the vulnerability that I reported and that got me my first bug bounty amount.
Let’s start :)

How I Found the Target
I am a part-time bug hunter who loves to hunt bugs on web applications. After plenty of duplicates and not-applicables on bug hunting platforms, I decided to hunt on RVDP programs, where there will be less competition. I reported bugs and got some thank-you mails and a few hall of fame mentions for securing the applications.
After some time I started to hunt on websites randomly, such as the web applications we use in our day-to-day life. I practiced on those websites that don’t even have RVDP programs or any security team. I reported the bugs to them, but as we all know, there is no response from many companies — the struggle bug hunters face. But still, there are companies out there who respect bug hunters ❤️
I selected a website like that and started basic scanning and reconnaissance. I will be using example.com as the website name.
