# Introduction
: bWAPP → Medium → HTML Injection - Reflected (GET)
# Training
: If we enter the same input value at the medium level as at the low level, the output is as follows.
I wondered why this is, so I checked the source code. The source code is located in /var/www/bWAPP. The contents of the source code are as follows.
I could see that the function xss_check_1 is used at the medium level. xss_check_1 could be found in functions_external.php.
I could see that < and > are converted to other characters. Therefore, I typed the URL encoding of the characters used in the tag.
- %3Ch1%3ESuccess%3C%2Fh1%3E
- %3Cimg src=http://192.168.10.119/bWAPP/images/bee_1.png%3E
The results were as follows.
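
Why the encoded input gets through, shown as an added example that is not from the original post or from bWAPP's source: a filter that replaces < and > and then URL-decodes the value, next to output encoding with htmlspecialchars. The function names and the decode-after-filter step are assumptions modelled on the behaviour described above, and the sample inputs are constructed.

```php
<?php
// Sketch of a medium-level style filter: "<" and ">" are replaced first,
// then the value is URL-decoded (assumed step that explains the result above).
function filter_then_decode(string $data): string
{
    $out = str_replace(['<', '>'], ['&lt;', '&gt;'], $data);
    // Decoding AFTER filtering re-creates the characters the filter removed.
    return urldecode($out);
}

// Hardened form: never decode after filtering; encode at the point of output.
function encode_for_html(string $data): string
{
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs, as PHP would hold them in $_GET (already decoded once).
$samples = [
    'plain tag'       => '<h1>Success</h1>',
    'percent-encoded' => '%3Ch1%3ESuccess%3C%2Fh1%3E',
];

foreach ($samples as $label => $value) {
    printf("%-16s filter+decode    : %s\n", $label, filter_then_decode($value));
    printf("%-16s htmlspecialchars : %s\n", $label, encode_for_html($value));
}
```

With the percent-encoded sample, the first function returns live markup while the second returns text that the browser renders literally.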