I'm trying to write a tool for encoding / decoding these days. PHP has many functions for encoding / decoding, such as rot13.
Here is the example code for the rot13 encrypt / decrypt function.
What will the output be?
OK. This is the normal process for ROT13. Let's think bigger, for XSS.
as a string.
What happens in the source code?
is the encrypted text. Let's inject this code to decrypt.
Bingo bro xD
First Found with PHP function
The output is embedded in textarea markup. Let's try to escape the textarea with our output.
OK, we got it. Time to prepare the vector.
The script tag does not work for this site. Just use event handlers with agnostic markup like an xml tag.
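The fix on the tool's side, as an added example that is not code from the original post: the decoded text has to be HTML-encoded after `str_rot13()` runs and before it is written into the textarea. The function names and the sample string are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): a ROT13 decoder page that
// prints its result inside <textarea> markup. Function names are hypothetical.

// Vulnerable form: the decoded text is written into the page as-is, so any
// markup in the decoded result becomes part of the document.
function render_decoded_unsafe(string $encoded): string
{
    $decoded = str_rot13($encoded);
    return '<textarea>' . $decoded . '</textarea>';
}

// Encoding too early: htmlspecialchars() runs before the transform, so
// str_rot13() rotates the letters of the entity names as well and the
// result is no longer the text the user asked to decode.
function render_encoded_too_early(string $encoded): string
{
    $decoded = str_rot13(htmlspecialchars($encoded, ENT_QUOTES, 'UTF-8'));
    return '<textarea>' . $decoded . '</textarea>';
}

// Hardened form: transform first, HTML-encode last, at the point of output.
function render_decoded_safe(string $encoded): string
{
    $decoded = str_rot13($encoded);
    $flags   = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<textarea>' . htmlspecialchars($decoded, $flags, 'UTF-8') . '</textarea>';
}

// Constructed sample input: ROT13 of a harmless string that closes the
// textarea and opens a bold tag.
$sample = str_rot13('</textarea><b>marker</b>');

echo 'input     : ', $sample, PHP_EOL;
echo 'unsafe    : ', render_decoded_unsafe($sample), PHP_EOL;
echo 'too early : ', render_encoded_too_early($sample), PHP_EOL;
echo 'safe      : ', render_decoded_safe($sample), PHP_EOL;

// Check: does user-supplied markup survive as real tags in each rendering?
foreach (['render_decoded_unsafe', 'render_decoded_safe'] as $fn) {
    $html = $fn($sample);
    $body = substr($html, strlen('<textarea>'), -strlen('</textarea>'));
    echo $fn, ' leaks raw "<": ', (strpos($body, '<') !== false ? 'yes' : 'no'), PHP_EOL;
}
```

The same ordering applies to any other decoder the tool offers: the output of the transform is untrusted text and is encoded for the HTML context it lands in.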
Thanks for reading