How I Found My First High-Severity Bug and Got Rewarded with 3 Trays of Red Bull!
Summary
An individual employed an unusual testing technique which led to a successful outcome as part of a Bug Bounty programme.
Boredom led to the individual watching an anime show, during which an advert prompted them to investigate the Red Bull website.
The investigation involved using a variety of testing techniques, including SQL injection and XSS.
These techniques led to the tester being blocked from the website, but after some effort they managed to get back on to the site.
Frustrated by the block, the tester performed the next test hastily and without much care: they entered a basic email address into the registration field and immediately polled Burp Collaborator.
This single action uncovered a high-severity vulnerability and provided access to the underlying file path.
The individual informed the Red Bull security team, who were impressed with the findings, confirmed the vulnerability, and rewarded the successful tester with three free cases of Red Bull.
The whole process took around an hour, echoing the speed and power of the initial test.
The successful tester has shared this experience online, with links published in the original text.