Skip to content
This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

Latest commit

 

History

History
23 lines (13 loc) · 1.27 KB

TASK_8.md

File metadata and controls

23 lines (13 loc) · 1.27 KB

Task 8 [Try Now]

Objectives:

  1. Pop the password in an alert box when the user submits the form

So again event handling thing it is. Whenever you click on submit button inside the form, it triggers submit event. By default submit will send all data to action as per specified in method.

You can use .addEventListener() to alert the password and then let the form submit

It is reflecting the query parameter in the input and escaping html characters. So using attributes events onmouseover I was able to complete the objectives

So the payload for it is

" onmouseover="document.forms[0].addEventListener('submit', function(){ alert(document.querySelector('input[type=password]').value) })

NOTE I could have used () => arrow function, to make the payload shorter, but the server is escaping all these characters.

For POC, Click Here