Our site is support by ads that help to pay our hosting costs. Please disable or whitelist us within your ad blocker to help us keep the site online.
All money generate by ads and donations is used to pay the hosting costs of the site, for more information about our income and expenses please see our donation page.
I successfully got empty tags and tried encoding the tags as html entities and to no avail because the output textbox doesn't decode the encoded chars.
Can I PM someone with what I have? I've already went through the OWASP filter evasion cheat sheet for help.
I'm not entirely certain it's actually working, you know, unless I'm missing something, too. I can get it to display the "injection", though it's obviously been through htmlentities()… I don't remember ever having to bypass that, but then again, it was a hell of a long time ago.
