$1,390 Bug Inconsistent Token Permissions

Fellow Raiders b3ludan , soura

While exploring a program’s Container Registry, we found a simple yet impactful flaw: A read-only token could delete a Docker image — something that shouldn’t happen if token permissions were enforced strictly.

Reproduction Flow

• Created a simple Dockerfile
• Logged in using a read-write token
• Pushed the image to the registry
• Logged out and back in with a read-only token
• Ran docker image rm  — and it worked

Takeaway

This wasn’t a complex bug — but where we found it was deep. We didn’t just test endpoints. We tested logic, token scopes, expected vs. real behavior. We tested everything related to token permissions — the actions most people skip.

Interestingly, our submission was initially marked as out of scope. But after referring the triager to the program’s official documentation and scope guidelines, the triager acknowledged the oversight and triaged the issue properly.

🔍 Always test beyond expectations. Explore every corner. Push your logic.

That mindset is what turned a basic functionality check into a $1,390 bounty.

Grind Behind the Scenes

We spent 13 straight days, averaging 10+ hours a day, hunting through every functionality this program offered.

The result?

💰$6,000+ minted from this one program on Intigriti

• 🟢 6 Accepted
• 🟡 2 Duplicates
• 🔴 4 Rejected
• 🔵 1 Informational

🧠 Final Note

Bug bounty isn’t just about being “technical.” It’s about thinking deeper, being curious, and chasing unexpected behaviors.

When you give your 100%, even simple bugs pay big.

Easy bugs. Hard-earned bounties. Deep testing mindset.

Follow me for more real-world bug bounty breakdowns, pentest stories and tips from the trenches of offensive security.