19Mar
XSS bypass in url
I have a website: https://bugbounty.com/test/"injection inside js", but "
is escaped with \
and I'm trying to inject </script><script>alert()
but https://bugbounty.com/test/</script><script>alert()
redirects me to a 404 page because of /
, I tried encoding /
as %2f
but I get the same results.
Do you have any idea how to bypass it?