Stored XSS on

Learn System Security - Stored XSS on ~ is a Bug Bounty Platform from Indonesia, for more info about you can open

I take a few minutes to look around and check every single URL, parameter, form.
On this page, we have a form to upload a profile image.
When I upload my profile image, I try to change the extension of my image.
When I change the extension with .html, no errors and my file successfully uploaded on the server.
I also tried some sensitive extension like .php / .php5 / .phtml / .PhP;.png / .php%00.png but blocked by server:(

Don't worry, we still can use .html to make Stored XSS.
Next, I put an XSS Payloads on my image with exiftool.

Payloads: "><img src=1 onerror=confirm(document.domain)//>

Thanks for: