Hi guys! Found this and tried them out and it’s really great so I want to share this with you guys.
How to Upgrade Your XSS Bugs from Medium to Critical
Jim found some user input that was reflected, unsanitised
Jim put <script> alert(1)</script> into the input and an alert box popped up
Triaged as P3/Medium Severity
Rewarded $300
The target was a very large company, and this XSS was on their most prominent domain which hosts a customer login portal and performs a number of highly-sensitive actions. What Jim didn’t know is that with a bit of extra effort, this bug could have been upgraded to a one-click account takeover and would likely have paid $5000. Don’t be like Jim.