Unveiling a Unique Bug: The Quest for Website Vulnerabilities

Sarthak Raju Bhingare
2 min read · Jul 8, 2023


Greetings esteemed hackers and readers,

I hope this blog finds you well. Today, I am delighted to share my discovery of an intriguing bug that I recently encountered on a website. Regrettably, I am unable to divulge specific details about the website in question. Without further ado, let me recount the fascinating tale of how I stumbled upon this bug.

On a fine day, while perusing HackerOne’s blog titled “A Guide to Subdomain Takeovers,” a particular topic caught my attention: second-order subdomain takeovers, also known as Broken Link Hijacking. Surprisingly, this common bug tends to be overlooked by many bug bounty hunters. Fueled by curiosity, I decided to embark on a manual investigation, presuming that previous automated testing might have missed something. I hoped that my meticulous examination would reveal a hidden gem.

Two days passed, yet my efforts bore no fruit.

Five days transpired, and still, my search remained fruitless.

Nearly a week elapsed, and I was on the verge of conceding defeat.

However, seasoned bug hunters often advise investing as much time as possible in thoroughly scrutinizing a target website. Their wisdom resonated within me, compelling me to persist and remain steadfast in my testing.

Finally, a moment of joy and elation! I unearthed a profound issue — a deep link, present in the footer of the website, that redirected to an expired domain. Initially, I feared that my report might be marked a duplicate. To my great fortune, the report was promptly triaged and addressed within a mere 10 minutes. I commend the swift and pleasant response from the dedicated team. My sincerest gratitude goes out to them.
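For readers who maintain a site rather than hunt on one, the same class of bug can be caught from the other side: list every external host a page links to or loads from, and flag the ones that no longer resolve. The script below is an added example of that audit, not code from the original post or from the program in question; the page contents, hostnames and the `find_dangling_links` helper are all constructed for illustration.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collects href/src values from every tag (anchors, scripts, images, link)."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def _resolves(host):
    """Default resolver: True if DNS returns any address for the host (needs network)."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def find_dangling_links(html, own_host, resolves=_resolves):
    """Return sorted external hostnames referenced by `html` that do not resolve."""
    # `resolves` is injectable so the audit can run offline in tests, or be swapped
    # for a check that also consults registrar data for domains about to expire.
    collector = _LinkCollector()
    collector.feed(html)
    hosts = set()
    for url in collector.urls:
        host = urlparse(url).hostname
        # Relative links, mailto:/javascript: pseudo-URLs and same-site links are skipped.
        if host and host.lower() != own_host.lower():
            hosts.add(host.lower())
    return sorted(h for h in hosts if not resolves(h))


# Constructed sample footer (not from the original post). example.com is a reserved,
# resolving name; the .invalid TLD is reserved and guaranteed never to resolve.
SAMPLE_FOOTER = """<footer>
  <a href="https://example.com/about">About</a>
  <a href="/privacy">Privacy</a>
  <a href="https://partner-expired.invalid/promo">Our partner</a>
  <script src="https://cdn.partner-expired.invalid/widget.js"></script>
</footer>"""

if __name__ == "__main__":
    for host in find_dangling_links(SAMPLE_FOOTER, "www.example.org"):
        print("dangling link target:", host)
```

A host that shows up here is one that anyone can register and then serve content under your site's link; the `<script src>` case is the dangerous one, since the registrant's JavaScript would then run in your visitors' browsers.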

In conclusion, this bug serves as a reminder of the importance of meticulous testing and perseverance in the pursuit of website vulnerabilities. Stay tuned for more captivating tales from the realm of bug hunting.

Thank you for joining me on this exhilarating journey.

Best Regards,

Sarthak
