Hello, welcome to my new article, this article will talk about how I earned 200$ in Bug Bounty Program.

After a lot of studies and practicing on Web Applications Attacks, I started to try check some websites that related to Bug Bounty Programs.
I wanted to share with you the first bounty that I’ve got from HackerOne.

Unfortunately, the site’s company didn’t want me to publishing their name for this article. Because of this reason, I’ll call the target: “testsite” .
Let’s begin!

As everyone knows, there are a lot of testers on the HackerOne platform.
Because of this, I couldn’t find vulnerabilities on “old” websites.
I was thinking maybe the right approach for being the one of the first testers is to test the newest website that joined to the Bug Bounty Program.

I’d like to mention to you that the target’s site name is https://www.testsite.com.
As every tester does, I checked all the functions and all the options that we have in there.
Unfortunately, I could not find anything on the main website of the company’s website.

I ran sub-domain finder scripts (SubList3r for example) that helped me to find all the subdomains that related to the target.
After a lot of research, I got the target, which called: “derech.testsite.com”.
I noticed that this website is a little old and maybe I can find the right vulnerability!

I was checking the functions of this website until I entered to an apply form for a job in the company and I needed to upload a picture of my self (This is where I started to smell my victory).
I filled my personal information until I arrived to upload a picture, here I thought what do I need to do?
Obviously I tried to upload a php script for RCE or other vulnerabilities, I could not to find any injection vulnerabilities.
But I did think maybe there is more vulnerability that I didn’t try and right here I got the idea to try path traversal vulnerability.
You can read about this vulnerability right here:
https://www.acunetix.com/blog/articles/path-traversal/

So while I uploaded my picture, I captured the request and try my luck for path traversal.
As we know, we cannot put some special characters like !@#$%^&<>, After I did this, I got an error with a message of their IP smb server!