💰 $9,060 OS Command Injection — Private Bug Bounty P1 | 2023
🔥 The Thrill of Finding a P1 Bug
Every bug bounty hunter dreams of that one big find — the kind that lands you in the P1 category with a massive payout. Well, this was one of those moments! A single OS command injection vulnerability in a private bug bounty program scored me a $9,060 reward. Here’s the full breakdown.
🎯 Target & Scope
The target was a network device running custom firmware. Since it handled critical operations, any security flaw could mean serious real-world consequences. My goal? Find a way to inject system commands and gain control.
🔍 How I Discovered the Vulnerability
During testing, I noticed a parameter accepting user input but failing to sanitize it properly. This immediately raised a red flag 🚩.
I started testing with basic payloads:
; ls -la
Surprisingly, I got a directory listing — meaning my input was being executed directly on the system!
From here, I escalated my attack:
; whoami; uname -a; cat /etc/passwd
💥 BOOM! The system spilled sensitive information, confirming remote command execution (RCE).
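The root cause behind a finding like this is a request parameter spliced into a shell command string, which is why a `;` turns one command into two. The example below is added here (my code, not the author's or the vendor's) and contrasts that pattern with a hardened handler plus a small detection check; the ping-style "host" parameter is an assumption, since the post does not name the real one.

```python
import re
import subprocess

# Constructed scenario: a device endpoint that pings a host supplied by the
# client. The actual parameter from the write-up is not public.
# Allowlist: hostnames/IPs only, no leading '-' (blocks option injection).
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")
SHELL_META = set(";|&$`<>\n\r()")


def unsafe_command(host: str) -> str:
    """The vulnerable pattern: user input concatenated into a shell string.
    Returned rather than executed so the command chaining is visible."""
    return f"ping -c 1 {host}"


def has_shell_metachars(value: str) -> bool:
    """Detection aid: flag parameters carrying shell control characters
    (suitable for request logging or an alerting rule)."""
    return any(ch in SHELL_META for ch in value)


def build_ping_argv(host: str) -> list[str]:
    """Hardened version: validate against the allowlist, then build an argv
    list so no shell ever parses the value."""
    if not HOST_RE.fullmatch(host) or has_shell_metachars(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Execute without shell=True; each argv element reaches ping verbatim."""
    return subprocess.run(build_ping_argv(host), check=False).returncode


if __name__ == "__main__":
    payload = "192.0.2.1; ls -la"  # the chaining shape from the write-up
    print("unsafe handler would run:", unsafe_command(payload))
    print("metacharacters detected:", has_shell_metachars(payload))
    try:
        build_ping_argv(payload)
    except ValueError as err:
        print("hardened handler:", err)
    print("hardened argv:", build_ping_argv("192.0.2.1"))
```

The allowlist check is the real fix; the metacharacter check only adds a signal for detection and would be bypassable on its own.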