How I was able to get a $1000 bounty from a .DS_Store file

Go!

The Starter?

Tools used in the Exploit

1 — Subfinder

2 — Httpx

3 — Nuclei

4 — ds_store_exp

Exploit

Symfony Profiler Search Bar

Conclusion

Timeline

I’m a bug hunter || security researcher at HackerOne, Detectify Crowdsource, Synack Red Team.