Read proper write-up here: https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk
I have included my script in another file (main.sh), which I used in discovering this vulnerability.
I didn't do any form of manual work in finding this vulnerability, and my workflow was fully automated with Bash scripting.
I have shortened my actual script, and only included the part which helped me in finding this vulnerability in the main.sh file.
Hello @nukats,
I am not sure about why they paid only $500 for this. I have questioned them about it, and I am looking forward to hearing their response.
One thing that they had said while rewarding the bounty amount is, "The payout amount reflects the fact that fb.com domain is predominantly used for microsites and static content."
I hope this clears up your question, and I will let you know again if I hear back from the team with more information.
Thanks,
Binit Ghimire
@TheBinitGhimire