XSS

JS URLs


A link to the flag

Can you spot the XSS here?

Goal: alert(flag) when the victim clicks the link.

Hints

Hint #1

Take a look at javascript: pseudo URL.

Solution


You can use the javascript: protocol to trigger code execution when the link is opened:

$name = javascript:alert(flag)
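
The fix for this class of bug, as an added example that is not part of the original challenge: allowlist the scheme of the link target before writing it into the attribute. It assumes $name ends up in the link's href; BASE, safeHref, escapeAttr and renderLink are hypothetical names.

```javascript
// Added example: validate a user-supplied link target by scheme allowlist.
// Assumption: the application writes the input into <a href="...">.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://app.example/"; // hypothetical origin, used for relative links

function safeHref(input, fallback = "#") {
  if (typeof input !== "string") return fallback;
  let url;
  try {
    // The WHATWG URL parser lowercases the scheme and strips surrounding
    // spaces and embedded tabs/newlines, matching how a browser reads href.
    // Checking the parsed scheme avoids fragile string matching on raw input.
    url = new URL(input, BASE);
  } catch {
    return fallback; // unparseable input never reaches the attribute
  }
  // Allowlist, not denylist: javascript:, data:, vbscript: and anything
  // else not listed above is replaced by the fallback.
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : fallback;
}

// Escape for a double-quoted attribute so the value cannot close it.
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function renderLink(name) {
  return `<a href="${escapeAttr(safeHref(name))}">A link to the flag</a>`;
}

// Constructed sample inputs.
console.log(renderLink("javascript:alert(flag)")); // neutralised
console.log(renderLink("/flag"));                  // relative link kept
```

HTML-escaping alone does not stop this payload, since it contains no characters that need escaping; the scheme check is what blocks it.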
