Week 3 - Testing new targets

Overall Results

Task/day Bug bounty Programs
hackerone, private program * 1, line android app + web app * 1 1 * low => h1
shopify 1 * low => h1
shopify 2 * low => h1
learning + shopify ssrf testing /
shopify ssrf + race condition testing 1 * med => h1
shopify idor + ssrf + permission testing /
Reports      Hackerone   Bugcrowd   Private Programs
P1-P2        2           1          1
P3           2           0          0
P4-P5        17          5          1
Duplicated   9           2          0
Pending      1           0          0
Triaged      4           0          0

Total paid bounty $ 1,828 USD (+500)
Pending bounty $ 4,500 USD

Thoughts

Focus on high-value targets; look for database dumps.

Don't work on small goals; they don't pay much and are very time-consuming. Try to hit the jackpot instead of working on 10x small goals.

Dig very very deep instead of fast scanning all targets.

Lots of scanners do a better job than you at basic scanning. If you need to find something very valuable, you need to dig very very very very deep.