[XSS] Reflected XSS Bypass Filter

I would like to write about this but it takes some time to bypass the filter and some time to find the right HTML tag to write a payload.

I was testing on a program which is private let’s call it example.com I found a search field so I start to test it with my lovely value ‘“>< to know what will be blocked I found that the value added to a lot of places on the source code but almost all of them encoded with HTML-Encode but I found my value added on a tag called dfn without encoding so there is a hope to find an XSS so I added an XSS payload but It redirects me to block page because of these < > values not accepted after a few minutes I understand how the function works the function block the request if this < connected to anything like the word <svg or special char <! and if I write a complete HTML tag the filter will delete all of the tag I tried to bypass it using URL-Encoding but it doesn’t work so I tried double encode and it works to bypass it and I wrote a payload like that %253Csvg onload=alert0)%253E this payload added to the source code but there was a problem that the filter delete this = I tried a lot to bypass this but I couldn’t :( I told to my self what? after all of this time I couldn’t execute XSS payload

I asked my friends about payloads without this = and I asked Google but I didn’t found anything, the problem not here the problem is my mind was sleep and when he wakes up I got it

I forgot the king of XSS payloads <script>alert(0)</script> WOW I don’t know how I forgot it but this is our guy so I decoded it and try to execute but there is another problem is these two ( ) so I replaced it with `` and the payload executed I was WooooooooooW

I like this bug and I like you who completed the topic I hope it is helpful to you guys, thanks for reading this, goodbye.