How A Simple Bug That Refused to Die, Paid Twice. 💰 ⚠️ Disclaimer This write-up is for educational purposes only. All testing was conducted on authorized targets within the scope of a …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A bug bounty hunter discovered a reflected text injection vulnerability in a Swiss insurance company's email confirmation endpoint. Although XSS payloads were blocked, plain text input was reflected on the page, enabling social engineering attacks on a trusted verification flow. After reporting and receiving a bounty, the researcher found the same vulnerability persisted in the password reset flow due to an incomplete fix, earning a second payout. The key takeaway: developers often patch one endpoint while forgetting similar ones, and hunters should always re-test related flows after a fix is applied.

How A Simple Bug That Refused to Die, Paid Twice. 💰

Bug bounty hunting teaches you a lot of things.

🔍 The “Hmm… That’s Weird” Moment.