The tweet reports the discovery of two XSS bugs on two subdomains of a famous English university. The bypass payload used was <SCript>1/*'/*'/**//alert(`sardar0x1`)</SCript>. This payload got past the WAF and triggered an alert dialog, which shows that the university's web application firewall could be bypassed. The finding is useful to bug bounty hunters and cybersecurity professionals for understanding the impact of XSS vulnerabilities and the effectiveness of WAF protections.
For more insights, check out the original tweet here: https://twitter.com/sardar0x1/status/1847653365020275072
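
The following is an added example, not code from the tweet or the university's systems. It shows why output encoding at the reflection point holds where a signature filter does not. The signature rule, the search-page reflection point and all function names are assumptions, since the page does not describe the real WAF rules or the affected pages.

```javascript
// Payload quoted on the page, used here only as test input.
const PAYLOAD = "<SCript>1/*'/*'/**//alert(`sardar0x1`)</SCript>";

// Constructed, hypothetical WAF-style signature (an assumption; the page does
// not describe the real rule set): case-sensitive match on a script tag.
const NAIVE_SIGNATURE = /<script[\s>]/;

function signatureBlocks(input) {
  return NAIVE_SIGNATURE.test(input);
}

// HTML-body output encoding: every character that can open markup or close
// an attribute value is replaced with its entity, whatever the tag's casing.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical reflection point: a search page echoing the query back.
function renderUnsafe(query) {
  return "<p>Results for " + query + "</p>";
}

function renderEncoded(query) {
  return "<p>Results for " + escapeHtml(query) + "</p>";
}

// True if the rendered fragment contains a script element, in any letter case.
function containsScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

console.log("signature blocks payload:", signatureBlocks(PAYLOAD));
console.log("unsafe output has script tag:", containsScriptTag(renderUnsafe(PAYLOAD)));
console.log("encoded output has script tag:", containsScriptTag(renderEncoded(PAYLOAD)));
console.log(renderEncoded(PAYLOAD));
```

The encoded output is independent of how the input is cased or padded, which is why encoding belongs in the application and the WAF is treated as a secondary layer.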