Recently, I did a case study of 174 XSS bug bounty reports to learn how people are actually making money with cross-site scripting. In this video, I’m showing you which payloads were the most common, which I think we should use, and how some reports could have been improved.
01:38 Advantages of using img onerror vs using the script payload
14:43 Payloads with other event handlers and what you should do before sending the report
18:47 XSS Hunter payloads
21:37 SVG payloads
23:55 Other payloads
27:59 Get access to the database with all the reports