How to Find Your First Bug: Motivation and Tips for Bug Bounty Hunting
2023-3-8 17:52:32 Author: infosecwriteups.com

Have you recently entered the world of bug bounty hunting and are having trouble locating your first bug?

Don’t worry, you’re not alone. It’s a common challenge that requires persistence and dedication. In this article, I have prepared some helpful tips to guide you on your bug bounty journey.

First and foremost, it’s essential to take your time to research the application. Don’t rush straight into testing for bugs. Instead, take some time to register on the app, look around, and see if you can create new users with different roles, upload any docs, export something into PDF, or call external services using webhooks.

Just play with the app like a regular user, and start questioning yourself:

  • What will happen if a regular user can access this admin section?
  • Can a non-admin user view this secret doc?
  • Can a user upload non-basic doc types, such as PHP files in a PHP application?
  • Is it possible to inject HTML tags into exported PDFs, and if so, is it possible to read internal files using an <iframe> tag?
  • Is it possible to call localhost when creating a new webhook, or even an AWS metadata address?
  • Does the app require the old password when changing the password or email? If not, is it possible to find XSS somewhere to achieve full ATO (Account Takeover)?
  • What stack is the app built with, which versions does it use, and are there any vulnerabilities / CVEs with PoCs?
  • Are there any file paths in URL params or the POST body that can be tested for LFI (local file inclusion) vulnerabilities?
  • Is there a premium subscription plan that gives benefits? Can these benefits be obtained by a normal user without a subscription?

Questions like these can help you identify potential vulnerabilities and give you a better understanding of the app’s security.
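Seen from the defender's side, the webhook question in the list above comes down to whether the server checks where a user-supplied URL actually points before calling it. The following is an added example, not code from the original article; `check_webhook_url`, `is_forbidden_ip`, the `resolve` callback and the sample DNS table are hypothetical names and constructed data.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: webhooks are HTTPS-only

def is_forbidden_ip(ip):
    """True for addresses a webhook call should never be sent to."""
    addr = ipaddress.ip_address(ip)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_link_local or addr.is_private
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def check_webhook_url(url, resolve):
    """Return (allowed, reason) for a user-supplied webhook URL.

    `resolve` maps a hostname to a list of IP strings. It is injected so the
    example runs offline; a real service would wrap socket.getaddrinfo and
    then connect to the address it validated rather than resolving again.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ips = [str(ipaddress.ip_address(host))]  # host is an IP literal
    except ValueError:
        ips = resolve(host)                      # host is a DNS name
    if not ips:
        return False, "host does not resolve"
    # Every resolved address must be acceptable, not just the first one.
    for ip in ips:
        if is_forbidden_ip(ip):
            return False, f"forbidden address {ip}"
    return True, "ok"

# Constructed DNS table standing in for real resolution.
SAMPLE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "internal.example.test": ["10.0.0.5"],
}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```

The check is applied to the resolved addresses rather than to the hostname string, which is why a name pointing at an internal range is rejected as well.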

It’s also important to stay focused during your testing sessions and not get distracted by other things. Try not to spend too much time on one program in a row.

Taking breaks in between testing sessions can help you stay fresh and maintain your focus. For example, 2 hours on one day and 2 hours on another day are better than 4 hours on one day, since your brain needs to take some time to analyze information.

Don’t get discouraged if you don’t find any bugs right away — it can take some time and practice to develop a good eye for vulnerabilities.

Remember: bug bounty hunting is a journey, not a destination. Keep learning and improving your skills, and eventually, you will start to see results.

Best of luck! 🍀


Article source: https://infosecwriteups.com/how-to-find-your-first-bug-motivation-and-tips-for-bug-bounty-hunting-5e7343066d0c?source=rss----7b722bfd1b8d--bug_bounty