Today I wanted to share with you my first vulnerability found in the bugbounty programs.
It's the first time I do a POST about a bug. I remember that I started looking in the list that has the bugcrowd program (https://bugcrowd.com/list-of-bug-bounty-programs). so I chose netflix.
use several tools for the recognition and study the behavior of the web page, capturing the request and verifying the response.
When I tried the following:
payload: </script><script>alert(1);</script>
and bingo
Netflix Hall of Fame: https://help.netflix.com/en/node/6657
This has been my message, I hope it has served you, I also wanted to thank Netflix for this experience.
Thank you,
My data: https://twitter.com/bada_77