004: Cross Site Scripting in Javascript sinks

Today we cover the the next few labs in the Web Security Academy XSS series. In the first one, the website is successfully escaping/encoding some of our malicious input, so we have to try to get the site to handle our input differently. On the second lab the sink was a function called innerHTML, which knows that injected scripts are a problem, and does not execute them. We had to work around this by trying to inject an img tag, and causing an error. Thanks. . Thanks to bensound.com for the tunes. #hacking #tutorial #exploit #vulnerability #intro #learning #security #software #computerscience #computer #cybersecurity #webbrowser #html #http #xss #crosssitescripting #webserver #websecurity #academy #portswigger #burpsuite