It was way back in 2016 and I was new to this bug bounty thing; a lot has changed since then.
I saw a disclosed report regarding an open redirect on a public program on the HackerOne website, and there was another disclosed bug regarding XSS too, so I opened the open redirect bug and made an account on the website in the program's scope,
and in the other tab I opened a bunch of XSS reports.
The open redirect bug had a PoC like this:
https://www.example.com/account?redirect=EvilDomain.com
I simply opened my Burp Suite and sent the request to Intruder with a Sniper payload list of 500 XSS payloads.
In one of them I got a 200 OK and there was an XSS vulnerability.
The program rewarded me with a bounty.