I Found a MASSIVE XSS Vulnerability on a Karting Site in 10 Minutes

In this live bug bounty hacking session, I discover and exploit a massive reflected XSS vulnerability on a real karting website - all in under 10 minutes. 🏎️💥

This video walks through live recon, testing, payload crafting, and proof of concept, showing how professional hackers approach real-world web app vulnerabilities responsibly. It’s an inside look at the exact workflow used to uncover critical bugs and report them through coordinated disclosure.

✅ Responsible disclosure & permission:
I discovered a reflected XSS affecting a karting site during a live bug-bounty session. This vulnerability was reported on 03/11/2025 and fully fixed on 03/11/2025 by the site owner. I have written permission from the site owner to demonstrate and disclose the issue publicly; I retain the permission email and can provide it to YouTube or the site owner on request.

🎯 What you’ll learn:

How to spot and test for reflected XSS

How to safely report vulnerabilities

How bug bounty hunters think/general workflow

Why responsible disclosure matters

If you’re into bug bounty hunting, cybersecurity, or web app hacking, hit Subscribe - I post real-world tutorials, live hunts, and exploit breakdowns almost daily.

📢 Join the community:
👉 Discord link in channel description
👉 Subscribe + hit the bell icon for more live bug bounty hunts and ethical hacking content