Client XSS Exercise-3
Data Flow
| Source of Data | Data from Source | Data to Sink | Sink causing Execution |
|---|---|---|---|
| Ajax response from | | | HTMLElement.innerHTML |
Vulnerable Code
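// Source: body of the Ajax response
let responseBody = xhr.responseText;
let responeBodyObject = JSON.parse(responseBody);
// The payload field is concatenated into markup without any encoding
let msg = "Welcome <b>" + responeBodyObject.payload + "</b>!!";
// Sink: innerHTML parses msg as HTML, so markup in the payload becomes live DOM
document.getElementById("msgboard").innerHTML = msg;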
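A hardened counterpart to the handler above, added here as an example and not part of the exercise's own code. The function names `parsePayload`, `renderWelcome` and `escapeHtml` and the sample response are assumptions made for illustration; the payload reaches the page only through `textContent`, never through `innerHTML`.

```javascript
// Added example; all function names here are hypothetical, not from the exercise.

// Constructed sample response: the payload carries markup characters.
const SAMPLE_RESPONSE = JSON.stringify({ payload: "<i>Ann</i> & Bob" });

// Parse the Ajax body and return the payload only if it is a string.
function parsePayload(responseText) {
  let body;
  try {
    body = JSON.parse(responseText);
  } catch (e) {
    return null; // malformed JSON: render nothing rather than raw text
  }
  if (body === null || typeof body !== "object") return null;
  return typeof body.payload === "string" ? body.payload : null;
}

// Build "Welcome <b>payload</b>!!" from nodes. The payload is assigned to
// textContent, so the browser never parses it as markup.
function renderWelcome(doc, board, responseText) {
  const payload = parsePayload(responseText);
  if (payload === null) {
    board.replaceChildren(); // clear stale content on bad input
    return false;
  }
  const bold = doc.createElement("b");
  bold.textContent = payload;
  board.replaceChildren("Welcome ", bold, "!!");
  return true;
}

// Fallback for code that must emit an HTML string. Valid for element content
// and quoted attribute values only, not for script, style or URL contexts.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Browser usage, mirroring the exercise's handler:
//   renderWelcome(document, document.getElementById("msgboard"), xhr.responseText);
```

With the sample response, the message board shows the literal text `<i>Ann</i> & Bob` in bold instead of rendering an italic element.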