Stored XSS into anchor href attribute with double quotes HTML-encoded
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-href-attribute-double-quotes-html-encoded
Last updated
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-href-attribute-double-quotes-html-encoded
Last updated
Let's go and comment the following under the post.
We can now open Left CLick > Inspect to open the developer tools and search our website.com payload.
As we can see, it is being inserted in the href attribute of the <a> tag.
In order to solve the lab, we have to use the following payload in the Website input field:
Let's verify if the payload has been inserted properly.
Now, if we click on the <a> tag link, the Javascript will be executed, generating an alert.
We have solved the lab.
