Reflected XSS into attribute with angle brackets HTML-encoded
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-attribute-angle-brackets-html-encoded
Let's insert the following payload in the search field:
We can now use Left Click > Inspect to open the developer tools and search for our payload.
We can see that our test_payload has been inserted into the value attribute of the <input> tag.
In order to generate an alert, we first need to break out of the value attribute and then add an onmouseover event attribute.
The alert will be displayed only when we hover over the input field with our mouse.
We have solved the lab.
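Why the breakout described above works, and the output encoding that stops it, as an added example that is not part of the original write-up. It assumes the application encodes only angle brackets (as the lab title states) and leaves double quotes untouched; the function names, the simplified attribute scanner and the sample input are constructed for illustration.

```javascript
// Weak: encodes only angle brackets, the behaviour the lab title describes.
function encodeAngleBracketsOnly(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Hardened: also encodes & and both quote characters, so the value
// can never terminate a quoted attribute.
function encodeForAttribute(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hypothetical server-side template for the reflected search term.
function renderSearchInput(term, encode) {
  return `<input type="text" name="search" value="${encode(term)}">`;
}

// Simplified scanner for one start tag: lists attribute names roughly
// the way an HTML tokenizer would split them.
function attributeNames(tagHtml) {
  const inner = tagHtml.replace(/^<\w+\s*/, "").replace(/>$/, "");
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries any on* event-handler attribute.
function hasEventHandler(tagHtml) {
  return attributeNames(tagHtml).some((n) => n.startsWith("on"));
}

// Constructed input matching the write-up's description: close the value
// attribute, then supply an onmouseover attribute.
const SAMPLE_BREAKOUT = '" onmouseover="alert(1)';

function compare(term) {
  return {
    weak: hasEventHandler(renderSearchInput(term, encodeAngleBracketsOnly)),
    hardened: hasEventHandler(renderSearchInput(term, encodeForAttribute)),
  };
}

console.log(compare(SAMPLE_BREAKOUT)); // { weak: true, hardened: false }
```

With the hardened encoder the whole input stays inside the value attribute as text, so the tag keeps exactly the three attributes the template defines.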