Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded

preview_player
Показать описание
Hello Everyone,
Try sending the payload test\payload and observe that your backslash doesn't get escaped.
Replace your input with the following payload to break out of the JavaScript string and inject an alert: \'-alert(1)//

"Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use. This video was made for entertainment purposes, and is transformative in nature."
If you Want More Such Videos do tell me in Comment Box.
{
PLEASE SUBSCRIBE TO " Ayan Ahmad " , THANKS
}
Video Creator - Ayan Ahmad
#TechnoAyan
#AyanAhmad
#SubscribeTechnoAyan
#AyanAhmadcode
#AyanAhmadhacks
#AyanAhmadCourse
#AyanAhmadtutorial
Рекомендации по теме
Комментарии
Автор

why do we have to type -
like y cant we just type alert('1') y we type -alert(1)-

mostafanasser
visit shbcf.ru