Stored XSS into anchor href attribute with double quotes HTML-encoded
https://portswigger.net/web-security/cross-site-scripting/contexts/lab-href-attribute-double-quotes-html-encoded
Let's go and comment the following under the post.
We can now open Left Click > Inspect to open the developer tools and search for our website.com payload.
As we can see, it is being inserted in the href attribute of the <a> tag.
In order to solve the lab, we have to use the following payload in the Website input field:
Let's verify if the payload has been inserted properly.
Now, if we click on the <a> tag link, the JavaScript will be executed, generating an alert.
We have solved the lab.
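
Why encoding double quotes is not enough when user input lands in an href, shown as an added example (not the lab's code or part of the original write-up): a renderer that only HTML-encodes the value, next to one that also allowlists the URL scheme. The function names, SAFE_SCHEMES and the sample inputs are assumptions made up for this illustration.

```javascript
// Added example; all names and sample inputs here are hypothetical/constructed.

// HTML-encode characters that could break out of a double-quoted attribute.
function encodeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Weak: quotes are encoded, so the value cannot leave the attribute,
// but the URL scheme is never checked, so any scheme becomes a clickable link.
function renderAuthorLinkWeak(website, name) {
  return `<a href="${encodeAttr(website)}">${encodeAttr(name)}</a>`;
}

const SAFE_SCHEMES = new Set(["http:", "https:"]);

// Parse with the WHATWG URL parser (the same rules browsers apply: scheme is
// lowercased, tabs/newlines and surrounding whitespace are stripped) and
// accept only absolute http(s) URLs. Returns the normalized URL or null.
function safeWebsite(website) {
  let url;
  try {
    url = new URL(String(website).trim());
  } catch {
    return null; // relative or unparsable input is rejected, not guessed at
  }
  return SAFE_SCHEMES.has(url.protocol) ? url.href : null;
}

// Hardened: validate the scheme first, then encode for the attribute context.
// A rejected website degrades to plain text instead of a link.
function renderAuthorLinkHardened(website, name) {
  const href = safeWebsite(website);
  const label = encodeAttr(name);
  if (href === null) return label;
  return `<a href="${encodeAttr(href)}" rel="nofollow noopener">${label}</a>`;
}

// Constructed sample inputs for the Website field.
const SAMPLES = ["https://website.com", "javascript:void(0)", 'x" onmouseover="y'];
for (const s of SAMPLES) {
  console.log(renderAuthorLinkWeak(s, "tester"), "|", renderAuthorLinkHardened(s, "tester"));
}
```
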