XSS 03

This exercise is one of our challenges on Cross-Site Scripting.

< 1 Hr.


In this XSS challenge, the developer has implemented a non-recursive filter to prevent script injection attacks. The weakness is the non-recursive design itself: the filter is applied once, and its output is never checked again. By crafting a payload that exploits this flaw, you can successfully inject a script tag and trigger an alert box popup with your unique identifier (UUID).

The key to bypassing the filter lies in understanding its non-recursive behavior. By inserting a string that contains the target string multiple times, you can manipulate the filter to leave behind the necessary script tags, enabling the execution of your payload. Once you achieve the alert popup, you replace the placeholder with your UUID to complete the challenge.
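The filter behavior described above, next to two corrected forms, as an added example that is not the challenge application's code. The blocked pattern, the function names and the sample input are assumptions constructed for illustration.

```javascript
// Assumed blocklist: opening and closing script tags, case-insensitive.
const BLOCKED = /<\/?script>/gi;

// Weak form: one pass. Text that joins up after a removal is never re-checked.
function stripOnce(input) {
  return input.replace(BLOCKED, "");
}

// Recursive form: repeat until the output stops changing (a fixed point).
function stripUntilStable(input) {
  let prev;
  let out = input;
  do {
    prev = out;
    out = out.replace(BLOCKED, "");
  } while (out !== prev);
  return out;
}

// Preferred form: encode for the HTML context at output instead of
// trying to delete dangerous substrings.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample: each tag carries a second copy of itself inside it,
// i.e. the target string appears multiple times, as the text describes.
function nest(tag) {
  return tag.slice(0, 3) + tag + tag.slice(3);
}
const sample = nest("<script>") + "marker" + nest("</script>");

// Regression check a developer can run against any candidate filter.
function containsBlocked(s) {
  return /<\/?script>/i.test(s);
}

console.log("single pass :", stripOnce(sample), containsBlocked(stripOnce(sample)));
console.log("fixed point :", stripUntilStable(sample));
console.log("encoded     :", escapeHtml(sample));
```

Only the encoded form keeps the user's text intact while making it inert in an HTML body context; the fixed-point filter closes this particular gap but is still a blocklist.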
