DEV Community

Muhaddis

Acknowledgement From Unsplash

Who doesn't love free gifts, no matter how much money you have? One perk of getting involved in bug bounties is that I love particular organizations' shirts, swag and stickers, and by now I have quite a collection. I often call myself a freebies hunter rather than a bug bounty hunter :P

Well, someone in my social circle posted a photo of the back of his laptop lid with a couple of stickers on it, and an Unsplash sticker was part of that collection. I went to their site and found that it is a website dedicated to sharing copyright-free photography under the Unsplash license. I had found the right place for me.

At the time I didn't know whether they had a responsible disclosure policy or not. Without wasting any time looking for a security policy page, I registered an account and began pentesting, not for bounty hunting but for freebie-reward hunting. I know it sounds incredibly terrible. After searching through their pages I discovered a security page, and it awakened my inner bug-hunting monster, just joking.

While searching for security-related issues, I went through their API documentation and discovered many intriguing things there.

In a couple of hours, I found three security vulnerabilities in their web application and one in their APIs that could disclose private and sensitive data.

I reported these security vulnerabilities to their security team with a detailed explanation and got responses from them within the next couple of hours.


Because of their security policy, I can't disclose the full bug reports with proof of concept. After these security findings were addressed, Unsplash's co-founder & CPO gave me a recommendation on LinkedIn.


They will be adding me to their security page soon. It was truly a good experience with Unsplash and I really appreciate their support team. Thanks for reading. Stay in touch for more detailed write-ups on bug bounty and other InfoSec topics.
