Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw

Recently, I did a case study of 174 XSS bug bounty reports to learn how people are actually making money with cross-site scripting. In this video, I show you which payloads were the most common, which ones I think we should use, and how some reports could have been improved.

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Timestamps:
00:00 Intro
01:38 Advantages of using img onerror vs using the script payload
09:54 The javascript protocol
14:43 Payloads with other event handlers and what you should do before sending the report
18:47 XSS Hunter payloads
21:37 SVG payloads
23:55 Other payloads
27:59 Get access to the database with all the reports
