Which XSS payloads get the biggest bounties? – Case study of 174 reports
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on twitter: https://bbre.dev/tw
Recently, I did a case study of 174 XSS bug bounty reports to learn how people are actually making money with Cross-site scripting. In this video, I'm showing you which payloads were the most common, which ones I think we should use, and how some reports could have been improved.
Get $100 in credits for Digital Ocean: https://bbre.dev/do
Timestamps:
00:00 Intro
01:38 Advantages of using img onerror vs using the script payload
09:54 The javascript: protocol
14:43 Payloads with other event handlers and what you should do before sending the report
18:47 XSS Hunter payloads
21:37 SVG payloads
23:55 Other payloads
27:59 Get access to the database with all the reports