$780,000 with Bug Bounty

Introduction

I've made $789,000 in a span of three months. Yes, that is absolutely insane. The vulnerability I've exploited the most, or at least found the most, would be XML entity expansion attacks, SQL injection attacks, and some SSRF attacks as well.

Would you rather focus on one or two vulnerabilities and get very good at finding them, or have a general knowledge of the OWASP Top 10 and look for each one?

Expertise, any given day. I focused on one, SQL injection; though I would find cross-site scripting and CSRFs, I completely ignored them.

Keywords

  • $789,000
  • Three months
  • XML entity expansion
  • SQL injection
  • SSRF attacks
  • Focus and expertise

FAQ

Q1: How much did you earn with bug bounty in three months? A1: I earned $789,000 in three months.

Q2: Which vulnerabilities did you exploit the most? A2: XML entity expansion attacks, SQL injection attacks, and SSRF attacks.

Q3: Do you prefer to focus on one vulnerability or have a general knowledge of multiple vulnerabilities? A3: I prefer to focus on one vulnerability and excel in that. My specialty is SQL injection.

Q4: Do you bother with other types of vulnerabilities like cross-site scripting or CSRFs? A4: No, I completely ignored them and focused on my expertise in SQL injection.