XSS DOM-Based
Last updated
Last updated
Go to login page form https://127.0.0.1/index.php?page=login.php
and log in using login bypass or inserting password.
Go to a page vulnerable to XSS stored like as: https://127.0.0.1/index.php?page=add-to-your-blog.php
in this two field will inject our payload:
the image 1 does not exist, so the alert will be triggered, the command will be injected into DOM and execute on the page:
