How I got my First $$$$ bounty from finding a bug in Facebook:

Hi, I am Aashish Jung Kunwar from Dhangadhi ,Nepal. I am student studying at Grade 11. I am totally a new and a beginner in this field. Today, I will be showing you what exactly I did to get the bug that I discovered qualify for the Facebook Bug Bounty Program which made me earn $1000 as a reward from the Facebook Security Team and became one of the youngest Nepali to get Bounty reward from Facebook.

How I got my 1st bounty:

I reported my first bug on November 24 , 2020 and went duplicate . I was disappointed to know that my first report gone duplicate .But ,I kept on reporting . Again , most of them went duplicates . Finally I grabbed one and rewarded with bounty reward of $1000 from Facebook .

About the bug:

Personal and Page Profile Interaction error in Facebook group . (The voice selector failed to work correctly ). I found a technical security issue while I was doing comment via personal profile it was done from the Facebook page.

What I Submitted :

Title : COMMENT GOES FROM PAGE PROFILE INSTEAD OF PERSONAL PROFILE .

Vuln Type: Identification / Deanonymization

Product Area :Facebook — Android

Complete Details :

Impact:

Repro steps:

Environment: UserOne who is the member of GroupOne and also his PageOne is also the member of the group is interacting with GroupOne’s Post.

App version: Facebook for Andriod

Steps:

Timeline :

Reproduced: 22 December 2020

Triaged: 23 December 2020

Fixed: 24 March 2021

Confirmation of Fix : 24 March 2021

Rewarded {$$$$}:9 April 2021

Thank you for reading : )

If you wish to connect with me then I am available on Facebook and Instagram.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store