I was hunting on a self-hosted program which has many wildcard domains. I started my normal recon automation (finding subdomains, etc.). While this automation runs, I always check the domains by visiting them manually to take a look at their functionality.

On one of the main domains I found a Contact Us page where a CAPTCHA is implemented, but I noticed that it's not configured right: nobody can submit the form without captcha. It looks like a minor issue, but it's just starting, so I decided to report it and check their response time.


And guess what: after some days I got an email from them. I was surprised at what I got: a $100 bounty in just minutes of recon.

