On the screenshot below, you can see that we can fully inject our payload without breaking a sweat. But you may notice that our // isn’t reflected to comment out the excess “ (double quote), which would cause errors and make our payload benign.
Also, we need to put a semi-colon before
But just like our //, the filter also removed our semi-colon ; and we got the same result as above. 🙁
So our final payload is
Which makes our payload…POP!
Any tricks you want to share? Tell us in the comment section below.
Credits to the owner/s of the featured image used in this blog.