Xss

Eventless

by YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

Another way

This time both "script" and JavaScript events are blacklisted. But there is still another way to trigger JS execution.

Goal: alert(flag)

Hints

Solution

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result