How I got my second bounty in a short time using a phone

Hi again,
It was a normal day. I went and smoked a cigarette like every morning, took a cup of coffee, then visited Twitter and typed bugbountytips to read any new tips there. Then after some tips I decided to take a look at HackerOne to see if there was anything new -.-

But before all that, let me take you back to the beginning, one week before. I visited a company, let's call it redcat.com; I can't say its name because the report is not resolved yet. I started searching on that company using my phone and visiting all the pages until I got to a page where I could create a project, so I made a new project, then I found an invite link that I could share with people to join my project.

Note:

In that project there are all the people's files and chat and some sensitive data that only people I invite with that link can see.

I saved that link and tried to find an exploit or make it look like a vuln, so after some searching I typed that link into Google search, and I was surprised that the link was on the Google search page and had been added some days before. How is that possible!

I went and did some searching and found that after some people visit that invite link, it ends up in Google search results, and that was great for me, not for the people who make projects -.- The link looked like:

redcat.com/projectname/invitetoken

So I made a simple dork that looks like:

redcat.com/*/*
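
A defender-side check for the exposure described above, as an added example that is not part of the original write-up: given responses captured from your own application, it lists invite URLs of the /projectname/invitetoken shape that return 200 with no noindex signal in either the X-Robots-Tag header or a robots meta tag. The function and class names and the sample responses are constructed for illustration, and per-crawler header prefixes such as "googlebot: noindex" are not parsed.

```python
import re
from html.parser import HTMLParser

# URL shape from the write-up: /<projectname>/<invitetoken> (two path segments).
INVITE_PATH = re.compile(r"^/[^/]+/[^/]+/?$")
BLOCKING = {"noindex", "none"}  # robots directives that keep a page out of results


class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots|googlebot" content="...">."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def indexable_invites(responses):
    """Return invite paths a crawler could index: 200 OK with no noindex signal."""
    flagged = []
    for path, status, headers, body in responses:
        if not INVITE_PATH.match(path) or status != 200:
            continue  # not an invite-shaped URL, or no page content served
        found = set()
        for name, value in headers.items():
            if name.lower() == "x-robots-tag":
                found |= {d.strip().lower() for d in value.split(",")}
        meta = RobotsMeta()
        meta.feed(body)
        if not (found | meta.directives) & BLOCKING:
            flagged.append(path)
    return flagged


# Constructed sample responses (path, status, headers, body); not real data.
SAMPLES = [
    ("/projectname/CONSTRUCTED-TOKEN-1", 200, {"Content-Type": "text/html"}, "<html><head></head></html>"),
    ("/projectname/CONSTRUCTED-TOKEN-2", 200, {"X-Robots-Tag": "noindex, nofollow"}, "<html></html>"),
    ("/projectname/CONSTRUCTED-TOKEN-3", 200, {}, '<html><head><meta name="robots" content="NOINDEX"></head></html>'),
    ("/projectname/CONSTRUCTED-TOKEN-4", 302, {"Location": "/login"}, ""),
    ("/about", 200, {}, "<html></html>"),
]

if __name__ == "__main__":
    print(indexable_invites(SAMPLES))
```

A noindex signal only keeps the link out of search results; the token in the URL still grants access to whoever holds the link.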

And yeah, it works. I could find about 400 new projects with all their sensitive data. I reported that and they closed my report as informative and they said this is not a vulnerability.🥺🥺🥺🥺

But I didn't give up. I was sure that it was a valid bug; I mean, I can access private projects that I don't have access to and read all the data and chat and files in those projects. So I decided to keep updating them, and I accessed one of those projects and got very sensitive data because the project was for a company, and they re-opened the report and decided that it's a valid bug 😎😎😎

And after 2 days I got a reward for it.

And I got my second reward just using a Google dork to access those projects -.-

I hope you enjoyed that write-up. If you like it, follow me here on Medium for more write-ups coming soon -.-