This is my first write-up so please bear with me.
I do bug bounty only part time, so I usually try to look for bugs on HackerOne and Bugcrowd, as they are the usual platforms that I spend my time on. So a few months ago, I was reading this disclosed report on HackerOne:
This is a very neat and easy-to-find bug. I thought to myself that I wouldn't find that kind of bug, since H1 should have been aware of that bug and wouldn't make the same mistake. Well, I guess I was wrong.
While doing some testing against external programs that have an invite-only program, I mistakenly opened an external program in incognito. I was about to close it when I noticed something similar to the report I recently saw.
My eyes lit up and I immediately reported this to HackerOne. Now, it is just a waiting game.
Unfortunately, after 3 days, I received this message.
I didn't get discouraged and appealed to the triager to recheck the submission. I also referenced the report that was accepted. I also utilized a mediation request from HackerOne. However, after 3 months of communication with the triagers and the mediation team, this is their ruling.
I was as devastated as I was frustrated. I don't understand why the other report was accepted while mine was closed as informative when both have a similar issue.
After that, I still tried to prove my point, but knowing HackerOne has the last say on the report, I eventually gave up and just asked permission to disclose the report. Thus, here I am writing my first write-up.