First tutorial on the forum! Yay!
Notice how the text hello is rendered onto the screen. Now try using the textbox to render some HTML code. You will notice that this also renders to the screen.
Now try typing
What happens? (reply to this thread with the answer)
Now, I will teach you how to prevent this:
Do not do this:
<?php echo $_GET['text']; ?>
Do this instead:
<?php echo htmlspecialchars($_GET['text']); ?>
Try a package:
Django
Try a package:
Try running XSS on my new and improved project:
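
The htmlspecialchars() fix shown earlier, extended to the three places a page typically echoes a request value (element content, a quoted attribute, and a script block). This is an added example, not part of the original post; the helper names esc_html, esc_js and read_text and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape for HTML element content and quoted attribute values.
// ENT_QUOTES also encodes single quotes (it is the default only since PHP 8.1);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value for use as a JavaScript string literal inside <script>.
// The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the
// value cannot close the script element or the surrounding markup.
function esc_js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Read the 'text' parameter the tutorial uses. A missing parameter or an
// array (?text[]=x) becomes an empty string instead of a warning or type error.
function read_text(array $query): string
{
    $raw = $query['text'] ?? '';
    return is_string($raw) ? $raw : '';
}

// Constructed sample input, used when the file is run from the command line.
$sample = ['text' => '<b>hello</b> "double" \'single\''];
$text = read_text(PHP_SAPI === 'cli' ? $sample : $_GET);
?>
<!doctype html>
<meta charset="utf-8">
<!-- Element content: markup in $text is shown as text, not rendered -->
<p><?= esc_html($text) ?></p>
<!-- Attribute value: always quoted, and escaped with ENT_QUOTES -->
<input type="text" name="text" value="<?= esc_html($text) ?>">
<script>
  // Script context: HTML escaping is the wrong encoder here, so use esc_js()
  const text = <?= esc_js($text) ?>;
  document.title = text; // assigned as a string, never parsed as HTML
</script>
```

Running the file with the PHP CLI prints the encoded page for the sample input, which makes it easy to compare how the same value is encoded in each context.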