Added Full width unicode lt/gt

Browsers will ignore the ＜script＞, but if it's stored into a SQL varchar it get's converted into < and thus a persisted XSS
2025-09-24 21:01:32 +02:00 · 2015-08-10 20:54:00 -04:00
parent 3fdbc7f944
commit 5fa6653a89
1 changed files with 1 additions and 0 deletions
--- a/blns.txt
+++ b/blns.txt
@@ -194,6 +194,7 @@ Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮
 onfocus=alert(document.title) autofocus 
 " onfocus=alert(document.title) autofocus 
 ' onfocus=alert(document.title) autofocus 
+＜script＞alert(document.title)＜/script＞

 #	SQL Injection
 #