XSS 04

This exercise is one of our challenges on Cross-Site Scripting

PRO
Tier
Easy
< 1 Hr.
9016

Course


In this challenge, the developer has implemented a filter that completely blocks the word "script" in any case. If the request contains "script," the PHP code execution is halted. Your task is to find alternative methods to execute JavaScript and create an alert box with your unique identifier (UUID). You will explore several HTML tags and events such as `onmouseover`, `onclick`, and `onerror` to bypass the filter and successfully execute your payload.

To complete the challenge, you need to first identify the injection point and understand how the filtering mechanism works by testing with the "script" tag. Once you grasp the filter’s behavior, you can use other tags and events to run JavaScript. For instance, you can use the `onmouseover` event in an `` or `