Bypass of Username Policy: Breaking the Rules with a Simple Trick


mrci0x1

Link to my personal GitBook: https://mrci0x1.gitbook.io/home

Late one evening, I decided to dive into some bug hunting for a quick session. I noticed the application had strict username rules during registration: special characters like @@ or ... or numeric-only usernames like 123 were not allowed. Also, I couldn't change my username after signing up. It seemed solid.

I registered normally and went to my profile settings. However, the option to change my username was disabled.

I didn’t stop there. I decided to change my bio and intercepted the request using Burp Suite.

While reviewing the request, I spotted that I could add a parameter that didn't exist, which allowed me to modify my username.

After I added the parameter, I sent the request again, and it just worked!!

My profile was updated successfully.

ME: Sending the bug.
Triage Team: Waiting for duplicate me.
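
The behaviour described above is consistent with a mass-assignment flaw: the profile-update handler applied a field that the settings form never offered and that never passed the registration check. The following is an added example, not code from the post or from the tested application, contrasting such a handler with an allow-listed one and adding an audit check for stored usernames. The `username` key, the regex policy, the 500-character bio limit and all function names are assumptions.

```python
import re

# Assumed policy: the post only says special characters and numeric-only names are rejected.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
# Fields the profile-settings endpoint is meant to change; username is deliberately absent.
EDITABLE_FIELDS = {"bio"}


def valid_username(name):
    """Registration-time rule, kept in one place so every write path can reuse it."""
    return (isinstance(name, str)
            and USERNAME_RE.fullmatch(name) is not None
            and not name.isdigit())


def register(db, user_id, username):
    if not valid_username(username):
        raise ValueError("username violates policy")
    db[user_id] = {"username": username, "bio": ""}


def update_profile_vulnerable(db, user_id, body):
    """Copies every submitted key onto the record, so an extra 'username' key
    skips both the disabled UI control and the registration check."""
    db[user_id].update(body)


def update_profile_hardened(db, user_id, body):
    """Rejects keys outside the allow-list instead of silently applying them."""
    unexpected = set(body) - EDITABLE_FIELDS
    if unexpected:
        raise PermissionError(f"fields not editable here: {sorted(unexpected)}")
    bio = body.get("bio", db[user_id]["bio"])
    if not isinstance(bio, str) or len(bio) > 500:
        raise ValueError("invalid bio")
    db[user_id]["bio"] = bio


def policy_violations(db):
    """Audit helper: user ids whose stored username no longer satisfies the policy."""
    return sorted(uid for uid, rec in db.items()
                  if not valid_username(rec["username"]))
```

Running `policy_violations` over existing records after deploying the allow-list shows which accounts were already changed through the unvalidated path.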
