A stored XSS vulnerability was discovered on a private bug bounty program at HackerOne. The bypass payload used was <Img Src=OnXSS OnError=confirm("Hacked_by_a7madn1")>. This payload executed a confirm message 'Hacked_by_a7madn1'. For more details, read the Write-Up at #bugbountytips #xss #Hacked: https://t.co/vfr5AX4GnF
Original tweet: https://twitter.com/Numero_Hacks/status/1911715279400231014