In this lab we launch a reflected cross site scripting attack by injecting into a html attribute. This is Burp's security lab with the title - Reflected XSS into attribute with angle brackets HTML-encoded.
Support This Channel
======================
Please like and subscribe, it means a lot!
Please buy me a coffee so I can continue to make content.
https://buymeacoffee.com/zenshell
Join our Discord
https://discord.gg/pBcXkvzu
00:00 Introduction
00:15 Arbitrary search string
01:29 Breaking out of the html attribute
02:34 Post analysis
03:14 Why does it work?
05:00 Exploit details
