Accidentally finding a $50,000 vulnerability - Augusto Zanellato - Bug Bounty Reports Discussed #2
Bug Bounty Reports Discussed
English - September 30, 2021 08:00 - 26 minutes - 24.3 MB - ★★★ - 3 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Finding bugs in Google VRP without recon - David Schütz - BBRD #01
✉️ Sign up for the newsletter: https://mailing.bugbountyexplained.com/
This podcast is an interview with Augusto Zanellato, the hacker who submitted report with a GitHub rest API token leaked which had access to Shopify's Github account. It was reported on Hackerone to Shopify and Augusto got $50,000 for it. The best thing is that he didn't even look for a security issue.
Link to the report explained: https://youtu.be/TOgIgD0KUVs
The report on Hackerone: https://hackerone.com/reports/1087489
Subscribe to Bug Bounty Reports Explained on YouTube: https://www.youtube.com/c/BugBountyReportsExplained/
Augusto's media:
https://twitter.com/auguzanellato
https://hackerone.com/augustozanellato?type=user
https://github.com/augustozanellato