The things that we can learn from this report are the following:
- Bypassing XSS filters does not have to be complex or difficult, as long as the attacker is creative
- Encoding XSS payloads helps in bypassing many filters, so it is always advisable to experiment within your own scenarios in order to make progress
- In this report, just a brief experiment with the /characters earned the hacker $5,000; similarly, it is advisable to experiment with your own scenarios