Ahmad A Abdulla
3 min readOct 6, 2022


Hello all bug bounty hunters sorry for any mistake if I forget something to use this writeup for your RECON or you’re RESEARCHING, I found 2 w 3 bugs with the same idea

I submitted this bug to private programs but I changed everything here name website and panel and photos just to help the new bug bounty hunter it’s not the real name and photos

The first time I found csrf in the first name and last name no have a csrf token but the website not accepted csrf and self xss from the csrf i can change name to any word or payload xss but have no impact and not accepted by the website it’s too bored

after 2 or 3 hours I found a demo panel with the same information when you change the first name will change in the demo i changed to xss payload first name and the last name will be done and worked xss but the website not accepting self xss we need to change to stored xss but how?

ok now we have CSRF to change the profile name to xss and we found a demo website to reflect the xss it’s good

we need to redirect users from the normal website to the demo I found the button to create this redirection from the normal website to the demo website and the xss reflected

and I create two csrf one to change the profile name to xss and two to redirect users to the demo and injection like this

steps like this

1 goto xxx.com change profile name and capture request and create csrf

2 capture request, the button will redirect you to the demo website, and create csrf