Today I am gonna tell you how I got a $$$ bounty. That day I was looking for a good bug bounty program with a wide scope, and my search ended at the Mamba Bug Bounty Program.
So, as we all know, the first step is to sharpen the axe before cutting the tree 😐, I mean just start recon on my target https://mamba.ru :). After about an hour I took a look at its subdomains.
There was a subdomain, https://bot.mamba.ru, that looked like a dummy bot chat subdomain 🎃, as you can see below

What can I do there??? Let's chat with the bot Lmfao 😆
While sending a message to the bot chat I intercepted the request and tried to inject XSS, but nothing happened.
Let's move on to a new target, it's just a bot chat :( …
Now try a host header injection… But the result was nothing.
And then I accidentally removed the Host header from the request and boooomm… in the error I got a source code path disclosure, which is caused by a server-side misconfiguration. If it had been properly configured I would have got a 400 Bad Request, but instead I got a 401 error with sensitive information, as you can see below (I hid the path).
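To make the server-side point concrete, here is an added example (my own illustration, not code from Mamba or from the bot.mamba.ru service) of a tiny HTTP/1.1 request handler in two flavours. `leaky_handler` reproduces the class of misconfiguration described above: a request without a Host header reaches application code, which answers 401 and echoes an internal file path in the error text. `hardened_handler` does what a correctly configured front end should do: an HTTP/1.1 request with no Host header, or with a Host value outside the deployment's allowlist (which also covers the host header injection attempt mentioned earlier), gets a plain 400 before any application code runs. The hostnames, the `/srv/app/...` path, the `ALLOWED_HOSTS` set and the sample requests are all constructed placeholders.

```python
# Added illustration, not the site's code. All paths, hostnames and
# requests below are constructed sample values.
import re

# Constructed sample requests; *.invalid hostnames are placeholders.
REQUEST_WITH_HOST = b"GET /chat HTTP/1.1\r\nHost: bot.example.invalid\r\n\r\n"
REQUEST_WITHOUT_HOST = b"GET /chat HTTP/1.1\r\n\r\n"
REQUEST_FOREIGN_HOST = b"GET /chat HTTP/1.1\r\nHost: attacker.invalid\r\n\r\n"

# Placeholder for the server-side path a verbose error would reveal.
INTERNAL_PATH = "/srv/app/handlers/chat.py"

# Hostnames this deployment is willing to serve (placeholder values).
ALLOWED_HOSTS = {"bot.example.invalid"}


def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, target, version, headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def leaky_handler(raw: bytes):
    """Misconfigured variant: no Host check, verbose error text."""
    method, target, version, headers = parse_request(raw)
    try:
        host = headers["host"]
    except KeyError as exc:
        # Debug-style error that discloses where the code lives.
        return 401, f"Unauthorized: KeyError {exc} in {INTERNAL_PATH}"
    return 200, f"chat page for {host}"


def hardened_handler(raw: bytes):
    """Corrected variant: HTTP/1.1 without Host (RFC 7230 section 5.4
    requires a 400 here), or with an unexpected Host, is rejected with
    a generic body before application code runs."""
    method, target, version, headers = parse_request(raw)
    host = headers.get("host")
    if version == "HTTP/1.1" and host is None:
        return 400, "Bad Request"
    if host is not None and host.split(":")[0] not in ALLOWED_HOSTS:
        return 400, "Bad Request"
    return 200, f"chat page for {host}"


# Detection helper a defender can run over captured error responses:
# flags bodies containing something that looks like a filesystem path
# (two or more slash-separated segments).
PATH_PATTERN = re.compile(r"(?:/[\w.-]+){2,}")


def leaks_path(body: str) -> bool:
    """True if an error body appears to disclose an internal path."""
    return PATH_PATTERN.search(body) is not None


if __name__ == "__main__":
    for name, handler in (("leaky", leaky_handler), ("hardened", hardened_handler)):
        status, body = handler(REQUEST_WITHOUT_HOST)
        print(f"{name}: {status} {body!r} leaks_path={leaks_path(body)}")
```

Running the block shows the leaky variant answering 401 with a path in the body and the hardened variant answering 400 with nothing but "Bad Request". The `leaks_path` check is the kind of assertion worth keeping in an integration test suite: send a request with no Host header and with an unknown Host, and fail the build if the status is not 400 or the body matches a path.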

Hence I reported the bug to the Mamba security team. They responded after 1 day, informing me that they were rewarding me $200 for this bug 🙏.
Thanks For Reading
#keepHunting