Chaining vulnerabilities

Whenever you identify a vulnerability, the foremost question should be, what security impact is the bug going to make on the application? You can either start hunting with the goal of finding a bug or you can start hunting with a vision of looking for the best impact in the application. The former vision is an isolated one, whereas, the latter upholds a wider point of view.