Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded

preview_player
Показать описание
In this lab we run a cross site scripting attack by bypassing the escaping of injected single quotes taking place on the server. This lab is provided by Portswigger with the title - Reflected XSS into a JavaScriipt string with angle brackets and doubles quotes HTML-encoded.

Support This Channel
======================

Please like and subscribe, it means a lot!

Please buy me a coffee so I can continue to make content.

Join our Discord

00:00 Introduction
00:38 Exploring the lab
01:20 Attempting javascript string breakout
02:52 Escaping escaping
04:01 Solving the lab
05:31 Summary
Рекомендации по теме
Комментарии
Автор

bro why this payload didn't work \'-alert()-\' ?

Amit-fnbw
Автор

i dont understand that whaat was the use of this ??

raoashar
visit shbcf.ru