i am trying work on an XSS scenario.Would appreciate if anyone can help.
URL: www. abc.com/mydata
"mydata" is landing in html as follows:
200 OK
...
Content-Type: text/html; charset=utf-8
...
...
< select> < option value="mydata"> Anything< /option>
< /select>
......
Since the "mydata" is in URL i can not use a payload with forward slashes.Thus i am not able to use script tag to execute script since i am unable to close it without forward slash. Other payloads like < BODY ONLOAD=alert('XSS')>, since it is not working with options tag.
Does anyone know a way to introduce xss in this scenario?
Let me know if i have missed any details, would be happy to to provide any additional information if required.
Aucun commentaire:
Enregistrer un commentaire