The story of out-of-scope to $2137 dollar bounty in bugcrowd private program π
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihN0PUt4Kwu54LH0Q6uJHeEQ56pahUKEPT9A5oKR-0dYRLPBuD4DkhlzbgK3Jqwb4cIy70Qvxfm2bsLL0o5ryWMWqQS5mHe04s_C15QFR8l5KVbPRMQ5N8D9tYCogsuaxLLYd2b53JILM6/s320/IMG_20210828_151818.jpg)
Hello fellow hackers, hope everything is going fine. Today i will talk about "how i found critical idor which leak user critical PII" This was my recent Finding on bugcrowd private program so i can't disclose program name but i will take redacted.com as example. without further ado lets jump to the discussion . Can you ever Imagine a single referer url can give you a critical bugs with P1 bounty? Sounds crazy huh! But this the truth. but how? Ok let me tell you a crazy story about thatπ During Ead-Ul-Adha cerebration i got some private invite on bugcrowd, there was one fresh on-going program which have wild-card scope but i was little bit late, after one months later i decide to test this so i picked this and start basic recon for try to find low hanging fruits.but in the end nothing touch in my hand. Then i decide to test manually, i fire up my burp proxy and start capturing all request, i create account and analyze all request, But then i got some error while making