7) Reflected XSS into attribute with angle brackets HTML-encoded

As a first step, I perform a search and check the result. The response contains the search term in two places.

if we try to escape the value and inject img payload or script payload because the app encodes the brackets

so what we wanna do is to escape the value and add another attribute which the onmouseover to execute code without the user interaction

foooo"onmouseover="alert(1)"

click on search and now if we inspect the input it will be like this

and we have solved the lab

Last updated 2 years ago