Xss

JS urls

drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

A link to the flag

Can you spot the XSS here ?

goal: alert(flag) when the victim click the link

Hints

Solution

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result