July 6, 2026
From Recon to Reward: Discovering a SQL Injection Vulnerability on a Subdomain
This article describes a simulated bug bounty scenario created for educational purposes.

By Jesse Marlow
1 min read
As a Bug Bounty Hunter at CyberVolt, one of the most valuable lessons I've learned is that small assets are often overlooked. During a routine assessment of a target within a public bug bounty program on Intigriti, I identified a subdomain that appeared to receive significantly less attention than the organization's primary applications.
My initial reconnaissance involved subdomain enumeration, technology fingerprinting, and endpoint discovery. While mapping the application's functionality, I discovered a parameter that interacted directly with backend database queries. The application's responses suggested that user input was not being properly sanitized.
Using a series of carefully controlled tests, I confirmed the presence of a SQL Injection vulnerability. By observing changes in server responses and validating database behavior, I was able to demonstrate the issue without accessing unauthorized data or causing disruption to the application.
After documenting the vulnerability, affected endpoint, proof of concept, impact assessment, and remediation recommendations, I submitted a detailed report through Intigriti. The vulnerability was triaged, validated, and ultimately rewarded due to the potential risk it posed to sensitive backend data.
This experience reinforces an important lesson for bug bounty hunters: valuable findings are not always hidden behind complex attack chains. Sometimes a simple, overlooked parameter on a forgotten subdomain can lead to a significant security discovery.
Successful bug bounty hunting is built on methodology, patience, and responsible disclosure. Thorough reconnaissance and careful validation remain some of the most effective techniques for uncovering impactful vulnerabilities.