Reflected XSS into attribute with angle brackets HTML-encoded
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-attribute-angle-brackets-html-encoded
Last updated
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-attribute-angle-brackets-html-encoded
Last updated
Let's insert the following payload in the search field:
We can now open Left CLick > Inspect to open the developer tools and search our payload.
We can see that our test_payload has been inserted into the value attribute of the <input> tag.
In order to generate an alert, we need to first escape the value attribute and than add an onmouseover event attribute.
The alert will be displayed only when we hover over the input field with our mouse.
We have solved the lab.
