Peace be upon you, and the mercy and blessings of Allah.
Praise be to Allah.
("And say: Work, for Allah will see your work, and so will His Messenger and the believers.") [At-Tawbah: 105]
This is my first valid bounty, and it came from an API in the search bar.
It's an app with 2000 bugs already registered in it, yet I still managed to find something, by the grace of Allah of course, so never mind how many bugs are in an app when you are testing.
There was a web app which had this search bar:

It is an organizational web app, meaning it has members and admins, and so privileges. The app has what they call channels, like a chat between the members; they can send messages, images, and much more.
Of course they can search in the channel with the bar above. When I searched the channel, many APIs got captured in Burp Suite; one of them was an autocomplete search API.
So when I saw that it returned metadata for channels the user is in, I figured maybe I could play with it to see if I could see what I shouldn't, like information about channels I am not authorized to see.
I sent the request and no extra channels were returned. So I added a user to a channel, then sent the request, and I got the normal response, which is the metadata of that channel. Then I removed the user from that channel and sent the request again: the API wasn't updated, and I could still see the channel. I figured maybe it was cached, so I edited the channel's name and sent the request again, and it changed!
I tried to escalate further but I couldn't, since I am fresh, so I sent the report as is. Strangely, the API doesn't appear in every search; I had to reload for it to be captured. The team had to ask for more information and I had to record some videos. Anyway, they managed to recreate the problem, they validated my report, and I got my first bounty!
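
The behaviour described above (a removed member still getting a channel's current metadata from the autocomplete API), as an added example that is not part of the original post or the application's code: a constructed in-memory model that replays the same add, remove and rename steps against a weak and a hardened search index. The cause modelled here, an index-side visibility list that is never pruned on removal, is an assumption, as are all class, function, user and channel names.

```python
class ChannelStore:
    """Source of truth for channel names and live membership (constructed)."""
    def __init__(self):
        self.names = {}    # channel_id -> current name
        self.members = {}  # channel_id -> set of user ids

    def create(self, cid, name):
        self.names[cid] = name
        self.members[cid] = set()

class AutocompleteIndex:
    """Search index keeping its own copy of who may see each channel."""
    def __init__(self, store, check_live_membership):
        self.store = store
        self.check_live = check_live_membership
        self.visible_to = {}  # channel_id -> set of user ids (index-side copy)

    def on_member_added(self, cid, user):
        self.visible_to.setdefault(cid, set()).add(user)

    def on_member_removed(self, cid, user):
        # Assumed flaw: the weak variant never prunes its copy on removal.
        if self.check_live:
            self.visible_to.get(cid, set()).discard(user)

    def search(self, user, prefix):
        hits = []
        for cid, users in self.visible_to.items():
            if user not in users:
                continue
            # Hardened path: re-check the source of truth on every query.
            if self.check_live and user not in self.store.members[cid]:
                continue
            name = self.store.names[cid]  # read live, so a rename shows up
            if name.startswith(prefix):
                hits.append(name)
        return hits

def replay_report_steps(check_live_membership):
    """Add user, search, remove user, search, rename channel, search."""
    store = ChannelStore()
    store.create("c1", "finance")
    index = AutocompleteIndex(store, check_live_membership)
    store.members["c1"].add("alice")
    index.on_member_added("c1", "alice")
    while_member = index.search("alice", "fin")
    store.members["c1"].discard("alice")
    index.on_member_removed("c1", "alice")
    after_removal = index.search("alice", "fin")
    store.names["c1"] = "finance-2025"
    return while_member, after_removal, index.search("alice", "fin")
```

Run as a regression test, the second and third results must be empty for any user whose membership was revoked; a non-empty result that also reflects the rename shows the data is live and only the authorization decision is stale.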
