How I Bagged My First Bounty While Hacking a Trading Platform
Mar 15, 2021
Introduction:
As a security researcher, I continuously submitted bugs on various platforms, and all of them came back as duplicate submissions. So I revised my concepts and focused on missing rate-limit vulnerabilities. This time I tried a program on the HackenProof platform, hit the server repeatedly, and bagged a bounty of $200 USD.
Steps to reproduce:
- Go to the URL and log in.
- Go to user settings and edit the name to "attacker".
- Capture the request in Burp.
- Send that POST request to Intruder.
- Select the null payloads type with 100 payloads, so the identical POST request is sent to the server 100 times.
- I successfully hit the server 100 times and changed the username 100 times; every request was accepted.
- There should be a limit on how often the username/password/email can be changed; the server enforced none.
- They confirmed the issue and awarded a bounty of $200.
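The Intruder replay above can also be scripted, which makes it easy to re-test the same endpoint after the fix ships. The following is an added example, not code from the original post or from the platform: it stands up a tiny local HTTP server that plays the profile-update endpoint (once without any throttling, once behind a per-session sliding-window limiter), replays the same POST 100 times, and tallies the status codes. The path `/api/user/settings`, the `session` cookie, the JSON body and the 5-per-minute limit are all assumptions; the real trading platform's request looks different.

```python
"""Replay a captured profile-update POST N times and tally the responses.

Added example, not code from the original post. The endpoint path
(/api/user/settings), the session cookie and the JSON body are assumptions.
A tiny local HTTP server stands in for the target so the script runs offline.
"""
import json
import threading
import time
from collections import deque
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key within `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = {}  # key -> deque of request timestamps

    def allow(self, key):
        now = time.monotonic()
        q = self.hits.setdefault(key, deque())
        while q and now - q[0] > self.window:  # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def make_handler(limiter):
    """Stand-in for the target: a profile-update endpoint, optionally throttled."""

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the replay output quiet
            pass

        def do_POST(self):
            if self.path != "/api/user/settings":
                self.send_error(404)
                return
            # Key the limiter on the session (the account), not the client IP,
            # so a single logged-in user cannot hammer their own profile.
            session = self.headers.get("Cookie", "")
            if limiter is not None and not limiter.allow(session):
                self.send_response(429)
                self.send_header("Retry-After", "60")
                self.end_headers()
                return
            length = int(self.headers.get("Content-Length", 0))
            body = json.loads(self.rfile.read(length) or b"{}")
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.end_headers()
            self.wfile.write(json.dumps({"name": body.get("name")}).encode())

    return Handler


def start_server(limiter=None):
    """Start the stand-in server on a free localhost port; return (server, url)."""
    srv = HTTPServer(("127.0.0.1", 0), make_handler(limiter))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d/api/user/settings" % srv.server_address[1]


def replay_updates(url, n, session_cookie="session=constructed-token"):
    """Intruder-style replay: send the captured POST n times, return {status: count}."""
    counts = {}
    payload = json.dumps({"name": "attacker"}).encode()  # constructed body
    for _ in range(n):
        req = request.Request(url, data=payload, method="POST", headers={
            "Content-Type": "application/json",
            "Cookie": session_cookie,
        })
        try:
            with request.urlopen(req) as resp:
                status = resp.status
        except error.HTTPError as e:  # urllib raises on 4xx/5xx; keep the code
            status = e.code
        counts[status] = counts.get(status, 0) + 1
    return counts


def rate_limit_present(counts):
    """True if the server throttled at least once (HTTP 429) during the replay."""
    return counts.get(429, 0) > 0


if __name__ == "__main__":
    for label, limiter in [("no limit", None),
                           ("5/min", SlidingWindowLimiter(limit=5, window=60))]:
        srv, url = start_server(limiter)
        counts = replay_updates(url, 100)
        srv.shutdown()
        print(label, counts, "throttled" if rate_limit_present(counts) else "VULNERABLE")
```

The unthrottled run reproduces the finding (100 accepted updates); the throttled run shows what a fixed endpoint looks like from the tester's side, five 200s followed by 429s. Against a real target, point `replay_updates` at the captured URL with the captured cookie and watch for anything other than a steady stream of 200s, since some servers throttle with a 403 or a silent no-op rather than a 429.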
screenshots: