Hello everyone,
I’ve never written an article before. I’ll be discussing how I obtained my first bounty in this my 1st essay. I am cyberOjas and I am a penetration tester.
I was finding bugs from January 2024 but not serious just P5 bugs or sometimes duplicate or Not Applicable. after 3 Months of Bug Hunting i Found My 1st Valid P4 Vulnerability Called No Password Policy
No Password Policy :
The “No Password Policy” bug essentially means that there are no restrictions or guidelines enforced when users set their passwords during the registration process. This lack of oversight allows users to choose passwords that are extremely weak and easily guessed, such as “123456,” “qwerty,” or even the word “password” itself.
It was unexpected and worrisome to find a website’s no password policy bug throughout the signup procedure. I reported the vulnerability right away, fully expecting it to be labeled as a duplicate or as low priority (P5). But on March 8, three days later, I got an email from Bugcrowd telling me that I had won $100 for making this discovery. I was so surprised! It showed me that even small things can make a big difference to receive a bounty.
Thank you for taking the time to read my write-up. This is just the beginning, and I’m excited for more rewards to come! Remember, keep hacking, keep learning, and keep helping others.
Thank You :)