12th Acknowledgment From Unsplash

Who don’t love complimentary gifts regardless of how much cash you have. One advantage for me after involving in Bug Bounties is I love particular organization Shirts, Swags and stickers and now I have a bunch of collection. I frequently called myself freebies hunter rather then Bug Bounty Hunter šŸ˜›
Well in my social circles a person posted a photo of his lid back with stuck couple of stickers and unsplash stickers was additionally a piece of that accumulation. I went to their site and founded that it’s a website dedicated to sharing copyright-free photography under the Unsplash license. I founded the best room for me. I established the best space for me.

Unsplash is a website dedicated to sharing copyright-free photography under the Unsplash license. The website claims 25,000 contributing photographers and generates an estimated 1 billion photo impressions per month. Other uses for Unsplash art include album art, advertisements, and product art for companies.

At the time I don’t know whether they have responsible disclosure policy or not. Without sitting idle and looking for any security policy page, I registered myself here and began pentesting not for bounty hunting but for bug freebies reward hunting. I know it sounds unfathomably horrendous. After searching and looking into pages I discovered a security and it initiates my inner monster of Bug Hunting, just joking.
I was searching for security related issues, I experienced their API documentationĀ and discovered many intriguing things here.

In couple of hours I established three security vulnerabilities in their Web Application and one in their APIs which can disclose private and delicate data.
I reported these security vulnerabilities to their security team with detail explained and got response from them in next couple of hours.Unsplash Response

Because of their security policy I can’t uncover finish bug reports with Proof of Concept. After addressing these security discoveries, Unsplash Co founder & CPO recommended me onĀ LinkedIn.Unsplash Recommendation

They will be adding me in their security page soon. It was truly a good experience with Unsplash and I truly appreciate there support team. A debt of gratitude is in order for perusing. Keep in contact to peruse more nitty-gritty reviews on bug bounty and more identified with InfoSec.

, , , , , , , , , , , , , , , , , ,

Leave a Comment

Thanks for downloading!