Stuck on an endpoint Reflected XSS

They block “()” also tried some encoding. Get this one working javascript:alertdocument.domain
But, it’s printing document.domain, not the domain. I want to print the domain.

Hi @sa1tama0, Try using utf-8 encoding!

Use \x28\x29 instead of ()

check this encoder link:

1 Like

Thanks for helping me. But problem said, “It’s third-party app” They closed report.