Year in Progress - 2022
Welcome to my blog, as this is my first post here!
I wanted to jump on the bandwagon and start tracking my activities in the hopes that it might be helpful to someone else on their journey. Inspired by @Kuldeep's post, I am going to be tracking my findings on various bug bounty platforms within this post. This page will remain up-to-date with links and summaries of my activities through the end of 2022, so come back here for a full picture, but check out each link for specifics on how I found and exploited various bugs and how I reported them along with my recommendations.
Bug Submissions
- Access Control Violation - Create Wiki Pages - $522.50
- Stored Cross-site Scripting in MediaWiki - $1090
- Remote Code Execution in .tgz File Upload - $3100
- Access Control Violation - Sensitive Data Exposure - $444.50
- Access Control Violation - IDOR - $104
- Ivanti EPM Remote Code Execution - $6500
- Upcoming - Access Control Violation - IDOR - $154
- Private Program Requested No Details Be Released - IDOR Read/Write in Critical Functions - $2000
- Access Control Violation - $1500 - Write Up To Come
- SQL Injection Full Read/Write/RCE - $3000 - Write Up To Come
Current total from 2022 bounties: $18,415