Hi, welcome back to another blog. In this blog, we're going to know how I found my first XSS in the Public Bugcrowd program. So, before starting, if you haven’t followed our medium account, do follow, guys. So without wasting time let's get into the story of the XSS.
The Early Days
During this XSS finding phase, I had a little bit of knowledge about bug bounty. I have 1+ months of bug bounty knowledge. In starting as we know everybody will start with HTML, and XSS in the beginning stage of bug bounty learning.
I started testing HTML and XSS vulnerabilities in every bug bounty program. Because I think those are the only vulnerabilities that exist in the bug bounty world. Think about my mindset and knowledge that I have in that phase. Lol!
Generally in starting stage, we can’t understand which one is a vulnerability, how the vulnerability makes an impact and we don’t know if this is the vulnerability or not. But in HTML and XSS we can easily find out if the code is rendered the output becomes like HTML or popup a box or something like this then yeah! this is the vulnerability. Now we can report it to the program.
That’s why many newbies start their bug bounty journey with HTML and XSS-related vulnerabilities.
Discovering Hidden Parameters
I gathered every input box and filled all the inputs with HTML and XSS payloads. none of them worked. After I…
