How I paid $2 for a $1054 XSS bug + 20-char blind XSS payloads

  • When you hit a character limit, or when a specific character is restricted somewhere, try to embed two characters into one, or use the Greek dictionary to find a similar character.
  • Sometimes you can go to an out-of-scope domain, or to the lowest-bounty domain, to get a valid bug or a high-bounty bug.
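The first takeaway is really a normalization problem for the defender: a length or denylist check that runs on the raw input counts a compatibility code point as one character, but if the application (or a library it uses) later applies NFKC normalization, that single code point expands or folds into plain ASCII, and the check was made against the wrong string. The example below is added here and is not the author's code or part of the original post; it assumes a hypothetical HTML-context validator with a constructed denylist, and it shows the same check done before and after normalization so the difference is visible.

```python
import unicodedata
from typing import Tuple

# Characters a naive HTML-context filter refuses (constructed list for the example).
FORBIDDEN = frozenset('<>"\'&')


def naive_check(value: str, max_len: int) -> bool:
    """Validate the raw string as received.

    Length and character checks run on the un-normalized text, so a single
    compatibility code point (one 'char' to this check) that later expands
    to two or more ASCII characters is counted once, and a look-alike
    bracket is not matched against the denylist at all.
    """
    return len(value) <= max_len and not (set(value) & FORBIDDEN)


def normalized_check(value: str, max_len: int) -> Tuple[bool, str]:
    """Normalize with NFKC first, then validate the normalized form.

    NFKC folds compatibility characters (ligatures, fullwidth forms, small
    forms) into their canonical equivalents, so the text being validated is
    the text a later normalizing step would actually produce.
    """
    folded = unicodedata.normalize("NFKC", value)
    ok = len(folded) <= max_len and not (set(folded) & FORBIDDEN)
    return ok, folded


# Constructed inputs: a ligature that NFKC expands to two letters, and a
# fullwidth bracket that NFKC folds to an ASCII angle bracket.
LIGATURE = "\ufb01"        # U+FB01 'fi' ligature -> 'fi'
FULLWIDTH_LT = "\uff1c"    # U+FF1C fullwidth less-than -> '<'


def demo():
    """Run both checks over the constructed inputs; returns one row per case."""
    rows = []
    for label, sample, limit in (
        ("three ligatures under a 3-char limit", LIGATURE * 3, 3),
        ("fullwidth bracket under a '<' denylist", "a" + FULLWIDTH_LT + "b", 10),
    ):
        before = naive_check(sample, limit)
        after, folded = normalized_check(sample, limit)
        rows.append((label, before, after, len(sample), len(folded)))
    return rows


if __name__ == "__main__":
    for label, before, after, raw_len, folded_len in demo():
        print(f"{label}: raw check={before}, normalized check={after}, "
              f"raw length={raw_len}, normalized length={folded_len}")
```

The practical rule this demonstrates: validate the same representation you will later store or render. If any component downstream normalizes, normalize first and then apply length limits and character denylists to the result; if nothing downstream normalizes, make sure that stays true, because adding NFKC later silently changes what earlier checks approved.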

Mohamed Daher