Sometimes when I'm bored I like to trawl low-budget sites

Thread replies: 5
Thread images: 2

Sometimes when I'm bored I like to trawl low-budget sites for XSS (and if I'm lucky, SQL injection) vulnerabilities.

I've recently noticed that some sites seem to do something interesting. I enter my payload into an input or wherever will reflect it back when I submit the form and the webpage simply echoes the payload onto the page instead of executing it.

See pic: non-coloured text is the string I have entered.
First I tried with just <script> tags but after that didn't work, I figured I needed to escape the <h2> tags.

Is this the website itself refusing to execute it, or Chrome?

Because there's no reason that shouldn't execute otherwise. It's valid HTML.
>>
You used </h2> twice and didn't declare the start of a second one you dumb poo poo!
>>
>>59347312
Oops, wrong screenshot.
But same thing with the <h2>.
>>
>>59346747
https://www.youtube.com/watch?v=ciNHn38EyRc
>>
JavaScript inserted through the DOM isn't executed.
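
On the "website itself, or Chrome?" question in the opening post: one server-side reason a submitted string is echoed as literal text is that the template HTML-encodes it on output, so the browser receives entities rather than markup. The block below is an added example, not code from the thread or from any site it mentions; the templates, function names and probe string are hypothetical, and it shows a regression check a site owner can run against their own rendering code.

```javascript
// Added example: all names and inputs are constructed, not taken from the thread.

// The five characters that are significant in HTML text and quoted attributes.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical templates: one concatenates the value raw, one encodes it.
function renderUnsafe(query) {
  return `<h2>Results for ${query}</h2>`;
}

function renderSafe(query) {
  return `<h2>Results for ${escapeHtml(query)}</h2>`;
}

// Classify how a submitted value appears in a response body.
//   'encoded'           only the entity-encoded form is present (shown as text)
//   'raw'               the markup is present unencoded (template bug)
//   'absent'            the value is not reflected at all
//   'indistinguishable' the value has no special characters, so it proves nothing
function reflectionState(body, input) {
  const encoded = escapeHtml(input);
  if (encoded === input) {
    return body.includes(input) ? 'indistinguishable' : 'absent';
  }
  if (body.includes(input)) return 'raw';
  if (body.includes(encoded)) return 'encoded';
  return 'absent';
}

// Constructed probe: inert markup that closes the heading, as in the opening post.
const probe = '</h2><b id="probe">x</b>';

console.log(reflectionState(renderSafe(probe), probe));   // encoded
console.log(reflectionState(renderUnsafe(probe), probe)); // raw
```

Viewing the raw response (View Source) rather than the rendered page is what separates the two cases: an encoded reflection contains `&lt;` and `&gt;` where the rendered page shows angle brackets.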