The resulting encrypted string is passed as a post parameter in the URL.
You have found a blind XSS vulnerability on a major bug bounty program. The proof of concept contains a JavaScript payload that exfiltrates cookies to your server. You cannot paste this raw because the target company monitors public pastes. hacker101 encrypted pastebin
app.post('/pastes', (req, res) => !keyHash) return res.status(400).send('Encrypted text and key hash are required'); The resulting encrypted string is passed as a