We’ve all been there — scrolling through bug bounty platforms, seeing hunters post about critical RCEs and complex chain exploits, while we’re stuck finding “low-severity” issues. But what if I told you that some of the most consistent bounties come from vulnerabilities so simple they’re often overlooked?
After studying hundreds of reports and learning from other hunters’ successes, I’ve discovered that P4 bugs can be a reliable income stream if you know where to look. Here are two patterns I’ve seen repeatedly in successful reports from other researchers.
The Cached Session Trap
I read about a hunter who found a fascinating issue on a popular SaaS platform. They noticed that after logging out and clicking the browser’s back button, they could still view their dashboard page with all its sensitive data.
How It Worked:
The application was missing proper Cache-Control headers. When users visited sensitive pages, their browsers cached the content. Logging out only cleared authentication cookies but didn't prevent the browser from serving the cached version when using the back button.
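From the defender's side, the fix is to mark authenticated pages as non-storable and to check that the header is really sent. The sketch below is an added example, not code from the report or the affected platform; the path prefixes, `demo_app` and the helper names are assumptions made for illustration.

```python
SENSITIVE_PREFIXES = ("/dashboard", "/account")  # hypothetical paths, not from the post


def cache_directives(headers):
    """Lower-cased Cache-Control directive names from a list of (name, value) headers."""
    found = set()
    for name, value in headers:
        if name.lower() == "cache-control":
            found.update(p.strip().split("=", 1)[0].lower() for p in value.split(",") if p.strip())
    return found


def browser_may_store(headers):
    """True when no directive forbids the browser from keeping a copy of the page."""
    return "no-store" not in cache_directives(headers)


class NoStoreForSensitivePages:
    """WSGI middleware that forces Cache-Control: no-store on sensitive paths."""

    def __init__(self, app, prefixes=SENSITIVE_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def __call__(self, environ, start_response):
        sensitive = environ.get("PATH_INFO", "").startswith(self.prefixes)

        def patched_start(status, headers, exc_info=None):
            if sensitive:
                # Replace whatever the app set with the strict value.
                headers = [(n, v) for n, v in headers if n.lower() != "cache-control"]
                headers.append(("Cache-Control", "no-store"))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    """Constructed stand-in for the reported app: sends no caching headers."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<h1>dashboard</h1>"]


def response_headers(app, path):
    """Call a WSGI app for one path and return the response headers it sent."""
    captured = []
    app_iter = app({"PATH_INFO": path, "REQUEST_METHOD": "GET"},
                   lambda status, headers, exc_info=None: captured.extend(headers))
    list(app_iter)
    return captured
```

The middleware sets `no-store` rather than `no-cache` because back-button history navigation is not required to honour freshness directives, so only a response that was never stored is reliably gone after logout.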