3 Vulnerabilities Worth $$$

Hello guys! My name is Tuhin Bose (@tuhin1729). I am currently working as a Chief Technology Officer at Virtual Cyber Labs. In this write-up, I am going to share how I earned $$$ from a bug bounty program for reporting 3 vulnerabilities to them. So without wasting time, let’s start:

Introduction:

The application is a contact information management website where users can log in with their Google account, and it fetches the contact information from that account so that they can access it anytime and from anywhere, even if they lose access to their phone. It also has a premium tier with some extra features, such as syncing contacts from multiple Google accounts and scanning and saving business cards as contacts. There is also a referral feature through which you can refer your friends and get some premium features for free.

My Approach:

I created an account there. After testing several vulnerabilities (from my checklist), I started testing the profile picture upload section. So the flow of the profile
