A bug bounty writeup demonstrating how XSS was discovered through manual observation rather than fuzzing tools. The researcher spotted an anomalous .php endpoint in a modern framework app, confirmed HTML injection with a basic tag, then bypassed a keyword-based WAF by substituting the blocked `<script>alert(1)</script>` payload with `<svg onload=confirm(1)>`. The vulnerability was reported and fixed.
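
The gap between a keyword filter and context-aware output encoding, shown with the two payloads quoted above. This is an added example, not code from the writeup or the affected application; the blocklist contents, function names and greeting template are assumptions.

```php
<?php
// Added illustration: a keyword blocklist versus output encoding.
// Nothing here is the target application's code.

// Keyword-based filter of the kind the writeup describes: it rejects
// input that contains known "bad" strings (constructed blocklist).
function keyword_filter_allows(string $input): bool
{
    $blocked = ['<script', 'alert('];
    foreach ($blocked as $needle) {
        if (stripos($input, $needle) !== false) {
            return false;
        }
    }
    return true;
}

// Vulnerable rendering: reflects the value into HTML unchanged.
function render_unsafe(string $name): string
{
    return '<p>Hello ' . $name . '</p>';
}

// Hardened rendering: encode for the HTML body context at output time.
function render_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Hello ' . $encoded . '</p>';
}

// A benign value plus the two payloads quoted in the writeup.
$samples = [
    'Alice',
    '<script>alert(1)</script>',
    '<svg onload=confirm(1)>',
];

foreach ($samples as $s) {
    $allowed = keyword_filter_allows($s);
    printf("input:   %s\n", $s);
    printf("filter:  %s\n", $allowed ? 'allowed' : 'blocked');
    if ($allowed) {
        // What reaches the browser when the filter is the only control.
        printf("unsafe:  %s\n", render_unsafe($s));
    }
    printf("encoded: %s\n\n", render_safe($s));
}
```

The filter blocks the `<script>` payload but allows the `<svg>` one, while the encoded output renders both as inert text regardless of which tag or event handler is used.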