The Hidden .git
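Under exam pressure, the author looks for a new bug target and, while scanning subdomains with subfinder and httpx, finds an AI chatbot and tries to analyze it further, but finds no vulnerability. 2025-7-2 06:42:15 Author: infosecwriteups.com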

SIDDHANT SHUKLA

Hey folks!
I hope you’re enjoying my bug hunting stories as much as I enjoy writing them. I genuinely appreciate your support and hope I never disappoint you. Let’s jump into another bug tale — this one’s a mix of curiosity, luck, and persistence!


I was hacking on one of my regular targets. It’s been a while — no bugs, no leads, and to top it off, exams were knocking at the door. My brain was fried, and motivation was sinking. So I decided, why not explore a fresh target in parallel?

I picked a random target and started my recon as usual with the classic subfinder:

subfinder -d target.com --all --recursive --silent | httpx -sc -td

After a while, I had a list of all live subdomains thanks to httpx. I began scanning them randomly. Right off the bat, I noticed that many subdomains were hosted on IIS Windows servers — time to run ShortScan.

One subdomain caught my eye: an AI chatbot — interesting!

I opened it, checked the source code and JS files, but didn’t find anything juicy.


Article source: https://infosecwriteups.com/the-hidden-git-b30afef0b462?source=rss----7b722bfd1b8d--bug_bounty