This is a fairly tricky XSS lab with the title 'Reflected XSS in a JavaScript URL with some characters blocked'.
We break down the payload into sections and explore the underlying JavaScript to get a full understanding of how the payload works.
Support This Channel
======================
Please like and subscribe, it means a lot!
Join our Discord
https://discord.gg/E9Ksg9MzZ4
00:00 Introduction
00:31 Analysing the decoded payload
03:13 Javascript Throw
05:55 Onerror = alert
07:50 The arrow function
09:50 toString = x
12:36 The injection
15:03 Superfluous function arguments
20:17 Exiting the injection
21:03 Solving the lab
21:42 Post analysis
