Dashboard Articles Playground Discussions More
Follow

Help needed

Amoola
5 years ago

0

So, I have been trying to inject the textarea with an event handler that has the XSS in it, then posting. But, it doesn’t work.
I even tried putting the event handler in the submit button, and the hidden input tag.
I tried encoding the input.
I once had the alert pop up but that was using a method that didn’t have the exact input string, so I didn’t pass.

Can anyone nudge me in another direction?

4replies
3voices
208views
Smyler [WHGhost]
5 years ago

0

Enter some text in the text area and submit. Look at the new page. Think about what XSS is.

thanhtuan
5 years ago

0

you try to input the text and see what would be delete after filter, then you can understand how the filter work and bypass it.

Amoola
5 years ago

0

Still stuck in it.. I tried out <script>alert(‘HackThis!!’);</script> and it gave me the output as described but no alert

Smyler [WHGhost]
5 years ago

0

You need to execute the code, not to display it.

You must be logged in to reply to this discussion. Login
1 of 5

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss