How i got my First Bug Bounty Reflected XSS

Asslamualikum everyone,

Shihabherok

~1 min read · February 19, 2026 (Updated: February 19, 2026) · Free: Yes

so want to share my first bug bounty in YESWEHACK private program so first i Open all scope in firefox tab and also open burp suite intercept on for capture data. I found a interesting endpoint like that: https://example.com/test-resource/index.php?canal=pfHvul543224thsbh

So i tried to use xss payload "pfHvul54…3224thsbh" in middle of parameter. full endpoint like that https://example.com/test-resource/index.php?canal=pfHvul54<script>alert(1)</script>3224thsbh

Wow when forward i am surprised payload working and triggered the payload. then i successfully got ReflectedCross-site Scripting!!! So i report it.

Timeline Review

Sep 09, 2025 (Initial Report)
Sep 10, 2025 (Triaged)
Sep 22, 2025 (Bounty Awarded — $500)

Thanks For Reading my writes up !!! Happy Hacking !!!

#reflected-xss #xss-vulnerability #how-i-got-bounty

How i got my First Bug Bounty Reflected XSS

Asslamualikum everyone,

Reporting a Problem