I think cos it escaped out of the " and processed the remainder of the code. Two " close the tag.
@faizanelahi5917
Жыл бұрын
If you see the source code closely html += ""; here you can see that the input is stored in the num variable and the src parameter stores its value in single quote '/static...jpg' so to get out of the source he inserted ' in the num variable After the input: frame#1' the code would process like this, html += "
@Ksuvo
Жыл бұрын
hey, can i answer one thing? Why dont u just type an alert into div with class tab? so when you click it, the alert pops up.
@旅行者-r3z
Жыл бұрын
cuz it needs to persistance i think
@pho3_nix
2 жыл бұрын
what do i have to study to understand xss? like did you do it now
Пікірлер: 8