Daniel, a 15-year-old bug hunter, discovered a vulnerability in Zendesk that allowed attackers to access support tickets from Fortune 500 companies. He reported the bug to Zendesk's bug bounty program, which initially rejected it. Daniel escalated the issue by demonstrating how the bug could lead to a full Slack takeover, replicating a past exploit after overcoming some challenges. After reporting the issue and getting companies to patch it, Daniel earned over $50,000 in bounties. Zendesk eventually fixed the vulnerability but refused to award a bounty because Daniel had shared the vulnerability with affected companies. Overall, the bug hunting journey was filled with challenges and frustrations, but it ultimately succeeded in exposing a major security flaw.
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52