Help me please

I used aem_hacker.py and used burp collaborator payload as a host and then got a callback from a server. The server sent salesforcesecret in the request. Any idea how to exploit this further? Or should I just report this to the company?