0

I have submit the following text <script>javascript:alert(document.domain); in a feedback of a restaurant listed on a website and feedback is sent to website not restaurant.

I want to verify but I am not sure if the code is valid or not according to javascript.

Improve this question
2
  • 1
    Have you tried an online javascript interpreter? Do you see that the syntax is not complete for Javascript? What have you done to attempt to verify that this code is valid? Commented Feb 5, 2024 at 16:10
  • 1
    I'm not an XSS guru, but I thought it was simply <script>alert(document.domain)</script> Commented Feb 6, 2024 at 9:45

1 Answer 1

Reset to default
1

The correct syntax will look something like this <script>alert(document.domain)</script> , since if you do not close the script tag your script will continue to pickup anything that is after it and can mess up the execution

I recommend trying these in your own environment to get familiar, perhaps try out DVWA.

Improve this answer
2
  • Welcome to the community. An alternative to DVWA (more modern) is OWASP Juice Shop but it uses the MEAN stack. Commented Feb 8, 2024 at 17:55
  • Thank you! Oh yeah I tried that one a while ago, I liked it Commented Feb 9, 2024 at 17:58

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.