Hello Guys!, This is my First Ever writeup. Today i will tell you about my First Bug
It was a Blind XSS ( Blind XSS are awesome 🔥 )
First I went to Bugcrowd and start finding a good program for me.
At that time i thought why not choose the old program because there are many hunters hunting on newly added programs.
so i went to bugcrowd.com/programs and click Last >> Then i select a program that have *.target.tld
I open homepage (redacted.com) and start looking for keywords like Contact Us, Customer Support, Help
I found get a demo button, I clicked and found that there is a form for demo slot booking.
I paste my xsshunter's basic payload on every input i see.
after 10 to 15 hours, I got a mail from xsshunter, I receive multiple fires from redacted.com.
I report immediately and tell them that some of your booking form inputs are not sanitized and vulnerable to blind xss.
I showed them PoC, IPs, etc. details
After 4 Days, they Triaged with P2 severity
i was so happy, i can't belive this because the program is one of the oldest program on bugcrowd.
After 2 Days they rewarded me with $900 and 20 Points
I got mad that day, words can't describe that feeling.
Special Thank to all my Mentors @thecyberzeel @AnubhavSingh_ @IAmMandatory and Bugcrowd
Here is the Tip : Programs add new features time to time and these are mostly vulnerable, so work on old programs too.
[19 Jun 2021] : Bug Submitted
[23 Jun 2021] : Accepted and Triaged as P2
[25 Jun 2021] : Rewarded $900
[23 Dec 2021] : Resolved