Replies: 1 comment
-
|
Hi raiderAIs, I won't give you the solution, but I will make a suggestion; encodeURI encodes only a subset of all characters. Given this is an easy lab, one would assume that that subset does not entirely cover all of the characters required to perform an XSS attack, and equally that it's not something super contrived (like the encoding you try in your example). Also, remember to inspect element and read any JavaScript code in the challenge. Cheers, |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I'm new to XSS and have been trying this challenge for the past hour. I have tried setting the img src to javascript:alert(), I've tried %26%23x22%3B/onerror=alert(document.cookie), but haven't been able to solve it even though difficulty is easy, any help is much appreciated.
Beta Was this translation helpful? Give feedback.
All reactions