How to bypass filter which blocks < charachter?

Asked Apr 25 '20 at 06:25

Active Apr 25 '20 at 06:25

Viewed 24 times

I am practicing reflected xss .I found a page in my lab which gives back the input in response of the request.But the application is sanitizing anything which comes after a < character because of which I can't use any tags.What is actually happening is when I give input as < it is being encoded and then sent to server , then server is decoding and checking for < character . If I use > character in addition to < character then every thing in between them is getting sanitized. Is there a way to bypass it?

asked Apr 25 '20 at 06:25

wandrer

You could try to nest tags or use unexpected/invalid HTML contructs. E.g. <foo<bar>>. – Arminius Apr 25 '20 at 06:51
@Arminius as soon as the application sees < character every thing after < will be sanitized – wandrer Apr 25 '20 at 07:19
@SteffenUllrich Thank you, that is helpful. If you get to know any solution please ping me – wandrer Apr 25 '20 at 07:21

How to bypass filter which blocks < charachter?

0 Answers0