1. A few days ago I found some time for bug hunting, as I said in my previous newsletter at cristivlad.substack.com which I post every week.
2. I keep getting private invites on @intigriti and a few other platforms.
3. I took a program that was just launched, and I did not want to go deep at first. It is wide-scope, so I focused on recon. A large chunk of my recon methodology is in my Recon course. Look it up if you're interested.
4. I took a generic approach, doing subdomain enumeration, then I fuzzed for interesting files on all domains.
5. I filtered for 200 OK and looked up the results with interesting lengths.
6. One of them was a .yml file in the root of a subdomain. It was loaded with credentials and configs.
7. I didn't submit a report right away because:
- it was late evening and I preferred going to sleep
- I thought it had already been reported
8. I submitted the report the next day, and a day later, to my surprise, it got accepted and I got $800.
- no further questions asked, no back and forth
- straightforward professional triage
I'll be looking more into it daily, usually after I finish my pentests.