XSS DETECTED! Alert was called!

Advanced XSS Lab

WAF Bypass | CSP Evasion | Filter Bypass | Advanced Techniques
ADVANCED

Challenges

1 WAF Bypass - Script Tag Blocked 2 WAF Bypass - Event Handler Blocked 3 WAF Bypass - Case & Encoding 4 CSP Bypass - Nonce 5 CSP Bypass - unsafe-inline blocked 6 Mutation XSS (mXSS) 7 Blind XSS 8 Polyglot XSS
Level 6: Mutation XSS (mXSS)
A sanitizer strips <script>, on*=, and javascript:. But the sanitized output goes through innerHTML which causes browser HTML parser mutations. Exploit it!
Expert
Sanitizer Active
Sanitizes: <script>, on*=, javascript:. Output goes through innerHTML.
Show Hint
mXSS exploits browser parser quirks: <math><mtext><table><mglyph><style><!--</style><img src=x onerror=alert()> or try <svg><p><style><img src=x onerror=alert()>