Stored XSS into HTML context with nothing encoded

By /
Stored XSS into HTML context with nothing encoded

Stored XSS into HTML context with nothing encoded

1: Access the Lab.

Website: https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded

Lab Stored XSS into HTML context with nothing encoded 1

2: Open the post.

Lab Stored XSS into HTML context with nothing encoded 2

3: Enter the following payload in the comment box.

Payload: <script>alert(1)</script>

4: Enter a name, email, and website.

5: Click “Post comment”.

Lab Stored XSS into HTML context with nothing encoded 3

6: The Lab has been completed.

Lab Stored XSS into HTML context with nothing encoded 4

PortSwigger Labs

Must Read

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top