How I found my first P1 level Bug. $$$

2 min readOct 13, 2020

Hello Hunters,

This is my second blog, Today I will share a write-up about how I was able to See the user sensitive information on a Private Program on BugCrowd.

Before reading this report go check out my first report.

How I By-pass the login page and 2FA authentication…..

medium.com

I can't disclose the program name so assume it as www.examle.com

I was Testing for XSS on this website so I started testing on different parameters.
So what I did is open my burp capture the request and spider the host, I saw many parameters over there.
Testing on the huge parameter will actually take a lot of time so I tested on 10–12 parameters but no results for me.
So next I try to do a store XSS on first name and last field, but I was not able to write the script on first and last name, So what I did is capture the request in burp and change the first name and last name and dang my script was stored but unfortunately, the script is not getting executed.
So i thought to send the capture request of first name and last name to intruder and I just select those parameters.
So I have a payload list I just fire the payload list.
Dang I see my Payloads are getting executed with 200 response and a huge number of length.
So I just sort the length and check the response for the highest length. But still I was not able to get any XSS pop up
I was checking each response but no results.
Suddenly I saw the URL on the browser it is like https://something/api/xyz18/id
I was able to see my user id number specified to me over there. I found something Juicy over there so I just change the I’d up down and