A web hacker (bug bounty hunter) discovered a stored cross-site scripting (XSS) vulnerability by reading the target’s JavaScript files.
This is a common fallback for hackers when the usual attempts to find vulnerabilities aren’t working, and it paid off this time.
The hacker suggests that developers avoid putting website code in JavaScript, as it can cause problems when that JavaScript is rendered on the client side.
The hacker claims that the website essentially led them to the vulnerability, and the finding paid out a decent bounty as a result.
The hacker outlines the steps they took and encourages others to try this method when standard avenues aren’t producing results.