Session

A Series of Unfortunate Event (Listeners)

Modern applications are complex chains of events and listeners.
In bug bounty, a single insecure listener is all it takes. This talk dives deep into client-side exploit chains, all starting from one simple mistake: a bad listener. We'll walk through 3-5 bug bounty findings, showing how to turn a postMessage listener into exfiltration, abuse a trusting iframe's onmessage handler, and escalate a prototype pollution flaw. This is a quick, practical guide to finding, exploiting, and understanding these types of bugs, and to looking for maximum payout.

Ryan Bonner

Senior Security Consultant

Enid, Oklahoma, United States
