Name: IS THE BACKSLASH ESCAPED!? If not, this is how you can use them …
Uploaded: 2024-03-02T19:14:24+00:00
Description: Everything seems escaped. How about backslashes? If not then you might have found a "Context Break" gadget. Say you've got the following scenario: X = "your input";…

Interested in going full-time bug bounty? Check out our blueprint!

Everything seems escaped. How about backslashes? If not then you might have found a "Context Break" gadget.

Say you've got the following scenario:

X = "your input";
Y = "your input";

Try adding a backslash to the end of your input to un-terminate the string. If the backslash isn't escaped then you could break the context like this:

X = "your input\"; Y ="+alert(1)//";

BANG. JS execution.

We discuss this gadget and more in this episode: ctbb.show/59

IS THE BACKSLASH ESCAPED!? If not, this is how you can use them to break context for JS execution.

Listen On

Recent Episodes