Full Stack Conf
We are provided with this webpage:
At the bottom of the page we have a text input:
If we provide some data, we see a message:
However, the website tells us to pop an alert(). This is usually a proof of concept for Cross-Site Scripting (XSS) payloads. One of the simplest payloads for XSS is:
<img src=x onerror=alert(1)>
If we use it, we will see the flag in the alert (HTB{p0p..p0p..p0p...alert(1337)}):
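The payload works because the submitted text is placed into the page as markup, so the browser builds a real img element and runs its onerror handler when the image fails to load. As an added example (not the challenge's code), the sketch below contrasts that pattern with output encoding; the function names and the message template are assumptions, since the write-up does not show how the site renders the input.

```javascript
// Added example: hypothetical server-side rendering of the submitted value.
// Function names and the message template are assumptions, not the challenge's code.

// Characters that can change the HTML parsing context, mapped to entities.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value for placement in element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: user input concatenated into markup as-is.
function renderMessageUnsafe(input) {
  return `<p>Thanks, ${input}!</p>`;
}

// Hardened pattern: the same template with output encoding applied.
function renderMessageSafe(input) {
  return `<p>Thanks, ${escapeHtml(input)}!</p>`;
}

// Rough check for this demo only: does the markup contain a real tag
// that carries an inline event handler attribute (on...=)?
function hasInlineHandler(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// The payload from the write-up, used here as test input.
const payload = "<img src=x onerror=alert(1)>";

const unsafeHtml = renderMessageUnsafe(payload);
const safeHtml = renderMessageSafe(payload);
console.log(unsafeHtml, "-> live handler:", hasInlineHandler(unsafeHtml));
console.log(safeHtml, "-> live handler:", hasInlineHandler(safeHtml));
```

Output encoding is the primary fix; a Content-Security-Policy that disallows inline script would also stop the onerror handler from running.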