I am pentesting a website and I found that I can inject code at value="" `
I can enter all characters except double quotes (") because it encodes them for me.
So, my questions is, can I exploit XSS without leaving the value = " " or is there any way to get out of the value?
http://dlvr.it/S19tmG
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment