You are currently browsing the tag archive for the ‘XSS’ tag.
I was kind of looking (pentester way) on a website and I saw that they could have a XSS flaw on the search field. Inserting the following string „<b>tester” on the search field, it get reflected back but just on the <title> tag like this.
<title>Cauta <b>tester – ……………</title>
There is a classical XSS, but what made that one interesting to me was the <title> tag.
<title>Cauta<script>alert(1);</script> – ……………</title> => is not working
</title><script>alert(1)</script>&submit=Cauta => is working
Speaking with a friend, he gave me also an alternative the idea of inserting the <body> tag and create in this way a new HTML document.
worked also like a charm.