Bug Bounty Writeups
How I got an XSS before everyone else
Hello Hackers
When it comes to bug bounty, thinking outside the box is crucial; otherwise you will get a lot of dupes and it will waste your time.
Last month I subscribed to findomain.app
and I wanted to test it out, since it offers some pretty decent features for the price, so I took a list of my domains, parsed them, and forgot about them.
One day I woke up and saw 2 new domains in a public program that looked really juicy. I opened them and they were IIS with a login portal, so I wanted to log in, and since my email was not in the corporation I was redirected to a link that looked like
https://redacted.com/Home/Error.aspx?msg=You are not autorized
The message was reflected in the body. Since I'm very weak at XSS and client-side vulnerabilities, it was lucky that Wappalyzer showed the website running IIS and Angular 1.16.
I jumped into PayloadsAllTheThings (AngularJS XSS section), tried the first payload, and it worked for both domains x)
I reported them right away and got rewarded $$$ each.
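The root cause described above is a reflected message landing inside a page that AngularJS compiles, so the braces in user input are evaluated as a template. As an added example (not code from the original post or from the affected program), here is how the error page could be served so that the parameter is never evaluated, together with a log check that flags interpolation markers in requests. The message codes, the query-string layout and the log lines are constructed for illustration; ng-non-bindable is a real AngularJS 1.x directive.

```javascript
// Added example (not from the original post): handle an Error.aspx-style
// "msg" parameter so that it is never interpolated by AngularJS, and flag
// requests that carry interpolation markers. Message codes, query layout
// and log lines are constructed for illustration.

// Allowlist: the page shows only messages we control, keyed by a short code.
const ERROR_MESSAGES = {
  not_authorized: 'You are not authorized',
  session_expired: 'Your session has expired',
};
const GENERIC_MESSAGE = 'An error occurred';

// Minimal HTML escaping for text placed inside an element body.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// True when a value carries AngularJS interpolation markers ({{ ... }}),
// which is what turns reflected text into client-side template injection
// on a page bootstrapped with ng-app.
function hasAngularInterpolation(value) {
  return /\{\{[\s\S]*\}\}/.test(String(value));
}

// Resolve the user-supplied parameter to a message we own. Unknown values
// are not reflected at all, so there is nothing for Angular to evaluate.
function resolveErrorMessage(msgParam) {
  return Object.prototype.hasOwnProperty.call(ERROR_MESSAGES, msgParam)
    ? ERROR_MESSAGES[msgParam]
    : GENERIC_MESSAGE;
}

// Build the markup for the error body. ng-non-bindable is defence in depth:
// even if a message containing braces ever reached this element, AngularJS
// would skip compiling it.
function renderErrorHtml(msgParam) {
  const text = resolveErrorMessage(msgParam);
  return `<p class="error" ng-non-bindable>${escapeHtml(text)}</p>`;
}

// Detection side: scan constructed IIS-style log lines (date time method
// uri query status) and return those whose query carries interpolation markers.
function flagInterpolationInLogs(lines) {
  return lines.filter((line) => {
    const fields = line.split(' ');
    const query = fields[4] || '';
    let decoded;
    try {
      decoded = decodeURIComponent(query);
    } catch (e) {
      decoded = query; // malformed encoding: inspect the raw value
    }
    return hasAngularInterpolation(decoded);
  });
}

// Constructed sample log lines; the second one carries a benign "{{1+1}}" probe.
const SAMPLE_LOG = [
  '2024-01-01 10:00:00 GET /Home/Error.aspx msg=You+are+not+authorized 200',
  '2024-01-01 10:00:05 GET /Home/Error.aspx msg=%7B%7B1%2B1%7D%7D 200',
  '2024-01-01 10:00:09 GET /Home/Index.aspx - 200',
];

console.log(renderErrorHtml('not_authorized'));
console.log(renderErrorHtml('{{1+1}}'));
console.log(flagInterpolationInLogs(SAMPLE_LOG));
```

The allowlist is the actual fix: the query string selects a message, it never becomes the message. The ng-non-bindable attribute and the log check are there so that a regression, or a second page with the same pattern, is caught rather than silently exploitable.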
Takeaway
Automation is key: always automate the boring processes in your own way (you may find things others don't).
What could I have done?
After the bugs got fixed, I told a friend about it and he mentioned that the program uses a wide-domain cookie, which I could have escalated to an ATO. I felt so bad, since I could have gotten more than what I got.
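The point about the wide-domain cookie is worth making concrete from the defender's side: a session cookie whose Domain attribute names the parent domain is sent to, and readable from, every subdomain, so an XSS on one host exposes the session of all of them. As an added example (not code from the original post or the program involved), here is a small audit of Set-Cookie headers that flags that scope along with missing HttpOnly and Secure. The cookie names, hostnames and header values are constructed placeholders.

```javascript
// Added example (not from the original post): audit Set-Cookie headers for
// scope and protection flags. Hostnames and values are constructed.

// Parse one Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? '' : pair.slice(eq + 1),
    attrs: {},
  };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Return findings for a Set-Cookie header issued by `host`.
function auditCookie(header, host) {
  const c = parseSetCookie(header);
  const findings = [];
  const domain = typeof c.attrs.domain === 'string'
    ? c.attrs.domain.replace(/^\./, '').toLowerCase()
    : null;
  // A Domain attribute naming a parent (example.com on portal.example.com)
  // shares the cookie with every subdomain; the default, host-only scope
  // keeps it on the issuing host.
  if (domain && domain !== host.toLowerCase()) {
    findings.push(`wide-scope: Domain=${domain} is shared with all subdomains`);
  }
  if (!c.attrs.httponly) findings.push('missing HttpOnly: readable from script');
  if (!c.attrs.secure) findings.push('missing Secure: sent over plaintext');
  return findings;
}

// Constructed headers: one issued as the post describes, one hardened.
const WIDE_COOKIE = 'ASP.NET_SessionId=abc123; Domain=.example.com; Path=/';
const HOST_ONLY_COOKIE = 'ASP.NET_SessionId=abc123; Path=/; Secure; HttpOnly';

console.log(auditCookie(WIDE_COOKIE, 'portal.example.com'));
console.log(auditCookie(HOST_ONLY_COOKIE, 'portal.example.com'));
```

Run against a response capture, the first header yields three findings and the second none; the wide-scope finding is the one that turns a reflected XSS on an unrelated subdomain into a session-level problem, which is why it belongs in the same review as the XSS fix.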