[OWASP-Security101] Help with Proof of Concept - XSS

Patrick Laverty patrick_laverty at brown.edu
Thu Jun 28 02:49:48 UTC 2012

I've identified a site where I can inject anything into the source,
like basic text, html tags or images from any other site. I'd like to
show the owner something a little more scary than that. I tried to add
in <script type='text/javascript'>alert(1)</script> and that does go
into the source, but I don't get the alert box to show. I did turn off
my popup blocker in the browser. I tried most of the suggestions from
the rsnake cheat sheet too.

Any suggestions on what I could be missing?

Thank you.

More information about the Security101 mailing list