
Reply To: My XSS attempt doesn’t seem to work on a simple HTML page I made

  • Christophe

    Administrator
    January 16, 2022 at 12:37 am

    Hey @techblazes! Answered in Discord but will also answer here for anyone else wondering.

    Your sample code is vulnerable and does work with certain payloads.

    .innerHTML doesn’t allow for scripts to be executed, so it actually prevents XSS payloads that use script tags (like <script>alert(1)</script>).

    It does not prevent XSS payloads that make use of onload events, like: <img src=x onerror=alert();>
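
The reply above, seen from the fixing side, as an added example that is not part of the original post: removing script tags leaves the event-handler payload untouched, while writing through textContent or encoding before innerHTML neutralizes both. All function names are hypothetical, and a plain object stands in for the DOM element so the code runs in Node.

```javascript
// Added example: helper and function names are hypothetical, not from the thread.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text be parsed as markup or break out of an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Weak fix: only removes <script> elements, which innerHTML would not run anyway.
function stripScriptTags(html) {
  return String(html).replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Hardened sink 1: textContent never invokes the HTML parser.
function renderAsText(element, untrusted) {
  element.textContent = String(untrusted);
}

// Hardened sink 2: untrusted text inside a fixed template, encoded before innerHTML.
function renderInTemplate(element, untrusted) {
  element.innerHTML = '<p class="comment">' + escapeHtml(untrusted) + '</p>';
}

// The two payloads quoted in the post, used here as test inputs.
const SAMPLES = ['<script>alert(1)</script>', '<img src=x onerror=alert();>'];

// Returns, per sample, what each approach would hand to the browser.
function compare() {
  return SAMPLES.map((input) => {
    const el = {}; // plain object standing in for a DOM element so this runs in Node
    renderInTemplate(el, input);
    return { input, stripped: stripScriptTags(input), encoded: el.innerHTML };
  });
}

// Print the comparison when run outside a browser.
if (typeof document === 'undefined') console.log(compare());
```

escapeHtml covers element content and quoted attribute values only; input placed in a URL, inline script or style context needs encoding for that context instead.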