Web For Pentester – Cross Site Scripting Example 5

Web For Pentesters - Cross Site Scripting Example 1

Hello friends how are you doing? This is Osama and in this example i will be covering the 5 example of Cross Site Scripting of our series of Web For Pentester. And as we move forward in this course the challenges provided in the Lab will get hard and really interesting to solve and a fun way to learn more about your own skills and how the web application works. If you haven’t seen the previous example that we solved then here is the video reference to that post. Example-1 , Example-2 , Example-3 and Example-4 here.

Explanation :-

In this example the word alert halts execution of the web app. In order to have our payload run we should use a different javascript function called eval(String.fromCharCode()) what this does is convert decimal to ascii allowing us to bypass the preg_match function..

http://[yourlab]/xss/example5.php?name=<script>eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))</script>

Here is the Video :-


Please enter your comment!
Please enter your name here