The bug bounty program which this vulnerability was discovered on has not allowed for public disclosure, therefore I will not be directly naming the program involved.

What I can say — this was discovered on the main scope of one of Hackerone’s longest-running, largest bug bounty programs. Multiple of Hackerone’s live hacking events have included this program’s scope in the past.

Needless to say , it’s a very hardened company with a world class security team and tons of expert hackers targeting it throughout the years — which makes it even more surprising that this vulnerability existed.

Part 1: Recon

Typically for…


big hax

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store