Hi Bug Bounty community, this is my first write-up for a bug I found in a private HackerOne program. Let’s call it redacted.com for this article.

So there was a subdomain of redacted.com, something.redacted.com, where people could post queries and answer them via comments.

One interesting thing I noticed was that there was a markdown editor as well. I uploaded an image and attached it to a comment, and after attaching it I noticed that the markdown editor represented the image like this: [IMAGE]ID[IMAGE].

Upon changing the image ID and posting the…
