New XSS without quotes ive found – Digitalmunition

Home Forums New XSS without quotes ive found

This topic contains 1 reply, has 2 voices, and was last updated by  PapyrusGod 2 months ago.

  • Author
  • #230613


    Theres websites that automatically escape any kind of quote so you cant do much more than alert(1). In the past theres been the methode of using regex like this: /stringToGet/.source but some site will escape more characters, so that sometimes wont work. I’ve found a way to get around that by putting together strings we can get easily. Example:


    For other characters you can often use the url, for example when you need https:// you can go location.protocol

    Edit: other people found something similar:

  • #230614


    How is this new or unique?

  • #230615


    Really hit the -=-1 lol

  • #230616


    Since you only have one line in the for loop, you might be able to get rid of the curly braces too

You must be logged in to reply to this topic.