
How I Found an Open-Redirect Vulnerability Using VirusTotal

Bug hunter balu
Nov 17, 2024

Actual worth $500 based on program bounties

Hi everyone, I am back with another writeup.

This time I will explain how I found the open redirect using VirusTotal.

It's a YesWeHack bug bounty program; it has only two domains in scope.

I got a duplicate after reporting, but they allotted points for the finding. Someone was faster than me, but it's OK.

Let's name it doordie.fr. Like every hacker, I started recon on the domain using Wappalyzer, Shodan, Xnl Reveal, TruffleHog, and Link Gopher.

No use; I did not find anything interesting.

At that time I decided to take a break for some time. During this break I started scrolling Twitter for the latest bug bounty content. Mostly I filter Twitter posts with some particular words like:

“bug bounty”

“bug bounty tips”

“cve”

“bugbounty writeups”

For example, technology based; here I take AEM (content management service):

“AEM bugbounty”

Change the name based on your requirement. I hope it's helpful.

Let's get back to our topic... When I was scrolling Twitter I found


Responses (3)


Hey man... I wanted to inform you that your API key is being leaked in the link. Please change the link before someone misuses it.

Can I use your API key? I don't have one 😅😅
Nice blog btw 🫡

Can I have your WhatsApp account?
Hope to talk with you deeply, bro.

Lol, it's a waste until you find it in an important endpoint.