+1200GBP made this from Bug Bounty hunting

[DavidLaid]

Hello,

I want to share my earnings from Bug Bounty hunting, i have been learning a lot in the past 6 weeks.

I have been trying to search bugs on one company even when i have ran out of ideas,

i sticked to the same company and weeks later i have found several high security bugs.

I sent it to them and today i logged in PayPal and recieved +1100 GBP + 100GBP they sent me few weeks ago.

My tip would be stick to same company, learn about them, learn about their platform, start testing things and eventually you will find something.

 

Bounty(1100GBP and 100GBP):

 

 

 

This is just start...

I hope that I have motivated at least 1 person to start learning about bug hunting.

[Poosy]

Wow, how do you make sure they pay you?

Negotiate a bug bounty program with them?

[DavidLaid]

Wow, how do you make sure they pay you?

Negotiate a bug bounty program with them?

 

You need to find company which have Bug Bounty program, if they dont i think its illegal to search for bugs on their websites.

For example: hackeroneDOTcom or bugcrowdDOTcom have many programs which pay you for bugs.

[Poosy]

You need to find company which have Bug Bounty program, if they dont i think its illegal to search for bugs on their websites.
For example: hackeroneDOTcom or bugcrowdDOTcom have many programs which pay you for bugs.

Nice. How did you build experience in this expertise?

[R3venantR]

Nice! What sort of evidence do you have to show the company or the bug bounty program? Do you need to detail exactly what you did, or just point them in the direction? And do those bug bounties, like hackerone set the reward amount, or is that down to the company you target to offer an amount based on what you find? I mean 1200 is no laughing matter, well done.

[worlockt]

This is a good start.

6 weeks time and you earn good figure.

Keep improving.

[DavidLaid]

Nice! What sort of evidence do you have to show the company or the bug bounty program? Do you need to detail exactly what you did, or just point them in the direction? And do those bug bounties, like hackerone set the reward amount, or is that down to the company you target to offer an amount based on what you find? I mean 1200 is no laughing matter, well done.

 

To prove you found valid bug you need to send them valid Proof Of Concept (PoC) which explains how the bug could impact their customers or them.

hackerone is just platform in the middle, the amount of reward you will recieve depends how big the impact is, but XSS is usually 500-5000$(reward also depends how big the company is because of their budget)

Then you can withdraw via hackerone to btc/paypal/bank...

[Hynk7]

Holy fucking shit, that's a lot of money.. 

 

Congrats dude and thanks for sharing this with us. I might try it myself.  

[R3venantR]

To prove you found valid bug you need to send them valid Proof Of Concept (PoC) which explains how the bug could impact their customers or them.

hackerone is just platform in the middle, the amount of reward you will recieve depends how big the impact is, but XSS is usually 500-5000$(reward also depends how big the company is because of their budget)

Then you can withdraw via hackerone to btc/paypal/bank...

 

Nice, thanks for the info. Good luck with your future bounties. Definitely something to think about.

[vfgerhgg]

That;s sick bro