level 5
In signup.html, we observe:
<a href="{{ next }}">Next >></a>
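where {{ next }} is the value of the next query parameter (default: confirm) on the signup page. The value is placed in the href attribute as given, so a javascript: URL in it runs when the link is clicked.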
Change the parameter:
?next=javascript:alert(1)
Click on 'Go' and then 'Next'
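The fix for this level is to validate next on the server before it reaches the href. The following is an added example, not code from the original page or the game: safe_next and render_link are hypothetical names, and the inputs in the test are constructed. It shows that HTML escaping alone leaves javascript:alert(1) intact, and that allowing only same-site relative references closes the hole.

```python
import html
from urllib.parse import urlsplit

DEFAULT_NEXT = "confirm"  # the default value of ?next= stated on the page


def safe_next(value, default=DEFAULT_NEXT):
    """Return value only if it is a same-site relative reference, else default."""
    if not value:
        return default
    # Browsers drop tab/CR/LF and leading control characters or spaces before
    # parsing a URL, so "java\tscript:" is still a javascript: URL.
    # Refuse such input outright instead of trying to clean it.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in value):
        return default
    # Browsers treat "\" like "/", so "\\host" can become "//host".
    if "\\" in value:
        return default
    parts = urlsplit(value)
    # Any scheme (javascript:, data:, http:) or any host form is refused.
    if parts.scheme or parts.netloc or value.startswith("//"):
        return default
    return value


def render_link(value, validate=True):
    """Render the signup link; validate=False mimics escaping-only output."""
    target = safe_next(value) if validate else (value or DEFAULT_NEXT)
    # Attribute escaping is still required, but it does not touch the scheme.
    return '<a href="%s">Next &gt;&gt;</a>' % html.escape(target, quote=True)


if __name__ == "__main__":
    for sample in ["confirm", "javascript:alert(1)", "//evil.example/"]:
        print(repr(sample), "->", render_link(sample))
```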