
Demonstrating reflected XSS with GET Parameter and URL encoding

Çağlar Arlı      -    7 Views


A client is developing a website which is vulnerable to reflected XSS through a GET parameter:

https://example.com/vulnerable-url?")||true)alert("XSS");</script>

I would like to demonstrate this vulnerability by providing a link like the one above, but the link text contains characters (such as the ") which are URL encoded by the browser, resulting in an invalid, unexecuted script.
I've also found that using a form within HTML to perform a GET request also results in URL encoding of the payload string.

I can however use the BurpSuite proxy to make the request without URL encoding, resulting in the script execution.

I would like to demonstrate the script using only a browser available in the client environment. Any ideas on how this could be achieved?
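As an added example (not part of the question or the client's code), a Python sketch of the server side of this bug: a handler that reflects the GET parameter straight into a script block, beside a hardened version that encodes the value for the script context. It assumes a parameter name `q`, which the question's URL does not show, and both sample URLs are constructed here.

```python
import json
from urllib.parse import urlsplit, unquote

# Constructed sample URLs (not from the question): the payload quoted in the
# question under an assumed parameter name "q", once as a proxy could send it
# raw and once as a browser sends it (quotes and angle brackets percent-encoded).
RAW_URL = 'https://example.com/vulnerable-url?q=")||true)alert("XSS");</script>'
ENCODED_URL = ('https://example.com/vulnerable-url'
               '?q=%22)||true)alert(%22XSS%22);%3C/script%3E')


def param_value(url: str) -> str:
    """Stand-in for a web framework: split off the parameter and percent-decode it.

    Percent-decoding happens on the server, so both URLs yield the same value."""
    name, _, value = urlsplit(url).query.partition('=')
    if name != 'q':
        raise ValueError('expected parameter q')
    return unquote(value)


def render_vulnerable(value: str) -> str:
    """Reflects the value straight into a JavaScript string literal (the bug)."""
    return '<script>var q = ("' + value + '");</script>'


def render_hardened(value: str) -> str:
    """Serialises the value as a JSON string literal and escapes the characters
    that matter inside a <script> element, so the value can neither end the
    string literal nor close the element."""
    literal = json.dumps(value)  # escapes " and \; ensure_ascii covers U+2028/9
    for ch, esc in (('<', '\\u003c'), ('>', '\\u003e'), ('&', '\\u0026')):
        literal = literal.replace(ch, esc)
    return '<script>var q = (' + literal + ');</script>'


def script_close_count(rendered: str) -> int:
    """Number of </script> tags in the output; more than one means the
    reflected value terminated the element early."""
    return rendered.lower().count('</script>')


def hardened_roundtrips(value: str) -> bool:
    """The hardened literal must still decode to exactly the original value."""
    rendered = render_hardened(value)
    literal = rendered[len('<script>var q = ('):-len(');</script>')]
    return json.loads(literal) == value
```

Run `script_close_count` over both renderings of `param_value(RAW_URL)` to see the vulnerable output contain two closing tags and the hardened one contain only its own.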