XSS 04
This exercise is one of our challenges on Cross-Site Scripting
In this challenge, the developer has implemented a filter that completely blocks the word "script" in any case. If the request contains "script," the PHP code execution is halted. Your task is to find alternative methods to execute JavaScript and create an alert box with your unique identifier (UUID). You will explore several HTML tags and events such as onmouseover, onclick, and onerror to bypass the filter and successfully execute your payload.
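The filter described above, next to an output-encoding version, as an added example (not the challenge's own source). The function names and the sample inputs are assumptions constructed for illustration; it shows why a keyword check on "script" still lets markup through, while encoding on output neutralizes all of it.

```php
<?php
// Added example, not the challenge's source. Function names and
// sample inputs are assumptions made for illustration.

// Blacklist filter as the page describes it: any occurrence of "script",
// in any case, halts execution. Everything else is echoed unencoded.
function render_blacklist(string $name): ?string
{
    if (preg_match('/script/i', $name)) {
        return null; // the real page would halt (die/exit) here
    }
    return "Hello " . $name;
}

// Hardened form: no keyword list; encode for the HTML context on output,
// so angle brackets and quotes never reach the browser as markup.
function render_encoded(string $name): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return "Hello " . htmlspecialchars($name, $flags, 'UTF-8');
}

// Constructed inputs: plain text, a script tag in mixed case, and markup
// carrying an event-handler attribute (handler body left as a placeholder).
$samples = [
    'alice',
    '<ScRiPt>/* placeholder */</sCrIpT>',
    '<b onmouseover="/* placeholder */">hover</b>',
];

foreach ($samples as $input) {
    $weak = render_blacklist($input);
    printf("input:     %s\n", $input);
    printf("blacklist: %s\n", $weak === null ? '[request halted]' : $weak);
    printf("encoded:   %s\n\n", render_encoded($input));
}
```

The third input passes the blacklist unchanged because the word "script" never appears in it, while the encoded version renders the same input as inert text.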
To complete the challenge, you need to first identify the injection point and understand how the filtering mechanism works by testing with the "script" tag. Once you grasp the filter’s behavior, you can use other tags and events to run JavaScript. For instance, you can use the onmouseover event in an or