Popping a shell on the Oculus developer portal (bitquark.co.uk)
114 points by bitquark on Aug 31, 2014 | hide | past | favorite | 16 comments



If you didn't read:

This was done after Facebook announced that Oculus is a part of their Whitehat program. OP was awarded $25,000 total for finding the vulnerabilities.

Very effective.


I haven't seen the BENCHMARK trick before. It's very clever - a variation on timing failed login/password attempts.

This is a clear and effective writeup. Congrats OP.


> It's very clever - a variation on timing failed login/password attempts.

Can you explain? To me it just looks like a way to prove the exploit exists without revealing any actual injections.


It's a pretty common technique for exploiting blind SQLi. You can use this as one of the branches in a SELECT IF to determine the value of something in the DB.

https://www.owasp.org/index.php/Blind_SQL_Injection#Time-bas...
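Added example, not code from the thread, the linked write-up or OWASP: a small defender-side detector for the time-based probes described above, run over constructed access-log lines. The log layout (response time in milliseconds as the last field) and the sample lines are assumptions.

```python
"""Constructed example, not code from the thread or the original write-up: a
small detector for time-based blind SQL injection probes in web access logs.
Such payloads put a delay primitive (MySQL BENCHMARK()/SLEEP() and friends) in
one branch of an IF(), so the response time leaks one bit per request. The
delay primitive itself is the reliable artefact to look for."""
import re
from urllib.parse import unquote_plus

# Delay primitives of common engines (real function names).
DELAY_RE = re.compile(
    r"\bbenchmark\s*\(|\bsleep\s*\(|\bpg_sleep\s*\(|\bwaitfor\s+delay\b|\bdbms_lock\.sleep\s*\(",
    re.IGNORECASE,
)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)  # inline comments used to split keywords
# Assumed log layout (constructed): combined log with response time in ms as the last field.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" \d+ \d+ (?P<ms>\d+)$')

def normalise(raw: str) -> str:
    """URL-decode twice (double-encoded payloads), drop inline comments, collapse whitespace."""
    decoded = COMMENT_RE.sub(" ", unquote_plus(unquote_plus(raw)))
    return re.sub(r"\s+", " ", decoded)

def is_time_based_probe(path: str) -> bool:
    """True if the query string carries a delay primitive."""
    if "?" not in path:
        return False
    return DELAY_RE.search(normalise(path.split("?", 1)[1])) is not None

def flag_probes(lines, slow_ms=2000):
    """Return (path, response_ms, reason) per suspicious request. A delay primitive is
    flagged outright; a slow response whose query contains IF( is flagged as a weaker signal."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path, ms = m.group("path"), int(m.group("ms"))
        if is_time_based_probe(path):
            hits.append((path, ms, "delay-primitive"))
        elif ms >= slow_ms and re.search(r"\bif\s*\(", normalise(path), re.IGNORECASE):
            hits.append((path, ms, "slow+conditional"))
    return hits

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [31/Aug/2014:10:00:01 +0000] "GET /devices?id=17 HTTP/1.1" 200 512 40',
    '10.0.0.5 - - [31/Aug/2014:10:00:02 +0000] "GET /devices?id=17%20AND%20IF(1=1,BENCHMARK(5000000,MD5(1)),0) HTTP/1.1" 200 512 3870',
    '10.0.0.5 - - [31/Aug/2014:10:00:03 +0000] "GET /devices?id=17/**/AND/**/IF(1=1,0,1) HTTP/1.1" 200 512 2600',
    '10.0.0.5 - - [31/Aug/2014:10:00:04 +0000] "GET /login?user=bob HTTP/1.1" 200 512 30',
]
```

Running `flag_probes(SAMPLE_LOG)` flags the second and third lines only; the slow-plus-conditional rule is a weaker signal and should be tuned to the application's normal latency.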


I liked this. I also wonder if it'd be worthwhile for me to take a few months off of work and try just poking away at security bounty programs. I doubt it would pay off to start with, but it seems like a pretty lucrative path. I know the OWASP Top 10, but don't really know my way around Burp Suite or anything.


I don't know any program except FB with such bounties for bugs in web apps. If you want to hack for money, focus on FB and forget about others.



They pay ten times less



Which one is profitable there?


Sign up for Bugcrowd and give it a go in your spare time. I would say it pays really well, in that it forces you to exercise and stretch your brain; over time you'll start getting better and work up to the point where you could quit your day job and do security full time.


How do things like Bugcrowd (and bug bounties in general) work from a legal point of view? It seems very risky to go poking around without some kind of formal contract with the target.


Bugcrowd has a contract with the target, and with you.


If you decide to give it a shot, pay close attention to the policies and procedures that companies post. Facebook has refused to pay people in the past because they didn't use the framework/channels that they have provided.


Security researchers are some of the most banal people. But I won't argue with $25k. ;-P


I don't think so. There's creativity in hacking any server. You won't find the same straight path every time. I think security researchers are the most patient, or most determined, people.



