28 Sep
How can I tell where this XSS payload gets triggered?
After running XSStrike on `example.com/example?example=` (for the parameter `example`), it is certain (10/10 certainty) that the payload `%3Chtml%3E%3Cscript%20onpointerenter%3Dconfirm()%3E%3C%2Fscript%3E` is an XSS vulnerability.
URL-decoded, this becomes `<html><script onpointerenter=confirm()></script>`, meaning that a 'confirm' option should appear when my cursor goes... somewhere...
I have tried running it, and moving my cursor randomly around the page, but to no avail.
- Is there a specific location that should trigger the `confirm` box?
- Could there be something else stopping the XSS?