Bug Bounty Hunting - Lesson 49. XSS payload question

Hello again,

So, all the lessons so far in the reflected XSS section, the payload that gets balanced uses

In Lesson 49 we are shown
Why is it we use the img tag instead of the script tags in this one? Why does the not work as it previously did in other examples? Maybe I got distracted by the kids in the video screaming and banging about in the background :wink:

When I learn these things, I like to know ‘why’ I am doing something, so I know for next time. Rather than being told to do it without explanation.

Thanks
Stu

So many times the website owners secure their site in a particular way that normal script tags don’t work. You can use many attributes to do XSS. You can see several other attributes being used at this site: https://owasp.org/www-community/attacks/xss/

Its just like college boss you still have to take the time to research information yourself as with anything in life. The instructor tells you the basics and its your job to do your own research. I don’t think they have the time to baby walk you through every detail.

1 Like