I found an XSS in the example.com website; however, I'm not able to make it work as there's a filter in place. The filter throws a 403 error when I insert common XSS payloads. It also blocks the following:
<script> tags are blocked
alert, prompt, confirm & write are blocked
All valid Window Event Attributes are blocked
Closed tags are blocked, for example <a href="1" works while <a href="1">a is removed
I was able to inject the following payload
but obviously this code doesn't work as onxsstest doesn't exist.
What payloads can I use to bypass this XSS filter?