Web App
Bypassing Input Filters to Land Reflected XSS via URL Encoding
A client-side input filter on a fleet management portal's search function looked solid — until I encoded the payload. A walkthrough of how Google dorking, a filter bypass, and an obscure event handler combined into a confirmed reflected XSS.
Feb 18, 2020
Medium