Those who got their first vulnerability as a P1 are lucky. I joined Bugcrowd in mid-February 2015. I found a P1 vulnerability on my first submission, with a $500 reward. I work for a company full time, which is why I am not able to give much time to Bugcrowd, but I always love to give at least 2 hrs per day to Bugcrowd. I have learned, and am still learning, every day from Bugcrowd. As I am a self-taught hacker, Google is my best teacher and Bugcrowd acts as a guide.
The first vulnerability was a blind SQL injection. In the beginning, what I was generally doing was injecting an SQLi payload into a parameter of the URL, like the 'id' parameter below. I had also read that an SQLi payload could be injected in the URI itself, but I had never used it until then, so I thought I would use it. I cannot disclose the name of the program due to the non-disclosure agreement with Bugcrowd, but I tried to inject an SQLi payload in the URI and luckily it was successful.
SQL injection through parameter:
SQL injection through URI:
After detecting the SQLi I forwarded this to sqlmap. I ran sqlmap and was able to extract the database schema, admin ID and password. But out of fear that I had gone too deep, I did not share the admin ID and password in the PoC. I did show the detection below in the PoC.
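Seen from the server side, a URI path segment reaches the database the same way a query-string parameter does. The following is an added example, not code from the original post or from the affected program: it shows a handler that concatenates the path segment into SQL next to one that validates and binds it. The `/items/<id>` route, the `items` table and all function names are hypothetical, and the data and inputs are constructed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "public"), (2, "internal"), (3, "draft")])
    return db

def last_segment(path):
    # Router step for a hypothetical /items/<id> route. The segment is
    # client-controlled, exactly like a query-string value.
    return path.rstrip("/").rsplit("/", 1)[-1]

def lookup_vulnerable(db, path):
    # Segment concatenated into the statement: its text becomes part of
    # the SQL grammar instead of staying a value.
    sql = "SELECT name FROM items WHERE id = " + last_segment(path)
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, path):
    # 1) Reject anything that is not the expected shape (ASCII digits).
    # 2) Bind the value as a parameter so it can never alter the query.
    seg = last_segment(path)
    if not re.fullmatch(r"[0-9]{1,9}", seg):
        return None  # caller would map this to HTTP 404
    cur = db.execute("SELECT name FROM items WHERE id = ?", (int(seg),))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    tampered = "/items/1 OR 1=1"  # constructed input
    print("vulnerable, normal  :", lookup_vulnerable(db, "/items/1"))
    print("vulnerable, tampered:", lookup_vulnerable(db, tampered))
    print("hardened, normal    :", lookup_hardened(db, "/items/1"))
    print("hardened, tampered  :", lookup_hardened(db, tampered))
```

Input filtering or WAF rules that inspect only query-string parameters would not see the tampered segment here, so the path needs the same validation and parameter binding as any other request field.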