After one of these stupid bets, I had to look at bug bounty programmes.
I first tried to apply a typical OWASP Top 10 methodology during the
Deutsche Telekom programme. Not very efficient... So I decided to
participate in other programmes with a focus on two narrow fields, XML and
SSRF. As expected, few people had a look at this area. As a result, I
totally pwned Prezi and Yahoo.
For both of them, I was quickly able to read non-privileged files
like /etc/passwd. I later accessed the private key of Prezi's cloud
deployment system (using an EC2/OpenStack trick) and got root privileges
on every outbound Yahoo proxy (with a vulnerability previously closed as
Big compromises implying big rewards, I earned the top rewards from both
programs. Around $25k in a few days, for pwning production networks,
that's a hobby that most sane people should enjoy!