Simple Technique of Finding Stored XSS Without Having To go Through the load on the COOKPAD.COM

Hi bug hunter and all my friendsthis time I want to write a write up of my xss stored findings on the cookpad.com site.ok just go to the completion steps :the first step I have to create an account first on the site cookpad.com


then I input the html tag in the name form.
The tags I use are :

<img src=x onerror=prompt(document.domain)>

And here I don't find a restriction on inputting html tags on the form, and that of course can have an impact.Then I clicked submit on the registration form, and at first I thought it would generate a pop up, and it was filtered.then I was silent for a moment, and tried to check the features on the site, and I found a post comment feature.

and there I had the opportunity to try to input the html tag and it was filtered, and I also tried to reply to the comments I made myself, and then the xss pop up was generated.
and at first I was confused, where did the xss pop up come from, and it turned out that the pop up came from the user comment tag feature. because my account name uses the xss tag, and so it generates a pop up when using the reply comment feature. more details like this :

@<img src=x onerror=prompt(document.domain)>

and then i report this bug finding to cookpad. I reported it to the brand via email and github.Timeline :
Report : 6/11/2020
Valid report : 11/11/2020
Fix : 11/11/2020
Rewards : certificate and shipment of goods

Pemburu Bug & Pengujian Penetrasi