XSS 04

Bookmarked!

This exercise is one of our challenges on Cross-Site Scripting

PRO
Tier
Easy
< 1 Hr.
9251

In this challenge, the developer has implemented a filter that completely blocks the word "script" in any case. If the request contains "script," the PHP code execution is halted. Your task is to find alternative methods to execute JavaScript and create an alert box with your unique identifier (UUID). You will explore several HTML tags and events such as onmouseover, onclick, and onerror to bypass the filter and successfully execute your payload.

To complete the challenge, you need to first identify the injection point and understand how the filtering mechanism works by testing with the "script" tag. Once you grasp the filter’s behavior, you can use other tags and events to run JavaScript. For instance, you can use the onmouseover event in an or