The tweet mentions a successful submission on Bugcrowd for a Reflected XSS vulnerability with a WAF Bypass. The payload used for the bypass is 'test%3e%3ciMg%20sRc%3dx%20Only%3d1%20OnErrOr%3dprompt%60akr3ch%60%3e'. This tweet highlights the importance of finding vulnerabilities by bypassing WAF protection. If you have more technical details or information about the WAF vendor, please share.
I earned $$$$ for my submission on @bugcrowd
#ItTakesACrowdBug: Reflected XSS (WAF Bypass)
Payload: test%3e%3ciMg%20sRc%3dx%20Only%3d1%20OnErrOr%3dprompt%60akr3ch%60%3e#bugcrowd #bugbountytip #BugBounty— akr3ch (@akr3ch) August 21, 2024