7) Reflected XSS into attribute with angle brackets HTML-encoded
As a first step, I perform a search and check the result. The response contains the search term in two places.
if we try to escape the value and inject img payload or script payload because the app encodes the brackets
< becomes <
> becomes >
so what we wanna do is to escape the value and add another attribute which the onmouseover to execute code without the user interaction
foooo"onmouseover="alert(1)"click on search and now if we inspect the input it will be like this
and we have solved the lab
Previous6) DOM XSS in jQuery selector sink using a hashchange eventNext8) Stored XSS into anchor href attribute with double quotes HTML-encoded
Last updated
Was this helpful?