My First Bug Bounty

Vikas Rai
2 min read · Jul 10, 2024

Finding bugs on public bug bounty platforms can be an arduous task. After countless sessions of trying and giving up, I decided to change my approach. I resolved to find a bug, no matter what. This determination led me on an intensive journey of website enumeration.

About 30–40 minutes into my search, I stumbled upon a link that stood out from the rest. The link contained ‘SFTP’ in its domain and directed me to a login page. Intrigued, I began experimenting with failed login attempts and intercepting the requests. Typically, dropping these packets results in an error, but this time, it led to a startling discovery: I had successfully bypassed the login and gained access to the SFTP gateway. Secure File Transfer Protocol (SFTP) is widely used to safeguard the exchange of sensitive information across the internet.

With access to the SFTP gateway, I could add new users and manage the uploading of scripts and files to the server. This was a severe bug, warranting immediate attention. Excitedly, I prepared my first bug report, ready to submit it on the platform. However, there was a twist — I wasn’t verified to submit the report. The verification process took an entire day, delaying my submission by 24 hours.

This article recounts the discovery of this critical vulnerability, highlighting the importance of persistence, keen observation, and thorough testing in the realm of cybersecurity.


Written by Vikas Rai

I'm a cybersecurity enthusiast and bug bounty hunter with a passion for uncovering vulnerabilities and enhancing web security.
