Just like other newbies, I had been practising on PortSwigger Academy, feeding on writeups day in and day out, waiting for my first valid bug, and then when it came I wasn’t able to believe what I had found.
This is the story of my first bug, which I found last October. As usual, I was reading writeups and practising, watching other hackers’ videos and hovering from one Discord bug bounty community to another, when I saw a guy posting on NahamSec’s server that Logitech had launched a new public program with a huge scope. I ran towards it.
…
Hey guys, this writeup is about my first Reflected XSS and how I escalated it to account takeover.
I have read many bug hunters stressing that you shouldn’t submit a simple XSS but try to escalate it. I would also tell you to escalate as much as you can. If you give them an XSS and tell them what a person can do with it, it does not show as much impact as you would be able to show when you prove how it would be done; this will increase the severity as well as your payout.
So, I…