HACKR.GG
XSS · Easy

ShopEasy — XSS in Attribute Context

ShopEasy encodes HTML in the page body but reflects your search term raw inside a value attribute. Break out of the attribute to fire an XSS and steal the session cookie.
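The flaw described above, shown beside its fix from the defender's side. This is an added example, not ShopEasy's code: the function names, the markup and the inert `data-probe` test value are assumptions made for illustration.

```javascript
// Added example: names and markup are assumptions, not ShopEasy's code.

// One encoder that is safe for HTML text and for quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Flawed pattern described above: body encoded, attribute value reflected raw.
function renderSearchVulnerable(term) {
  return `<p>Results for ${escapeHtml(term)}</p>` +
         `<input name="q" value="${term}">`;
}

// Hardened: the same encoder is applied inside the always-quoted attribute.
function renderSearchHardened(term) {
  return `<p>Results for ${escapeHtml(term)}</p>` +
         `<input name="q" value="${escapeHtml(term)}">`;
}

// Regression check: list the attribute names the <input> tag ends up with.
// A template that handles the term correctly yields only "name" and "value".
function inputAttributeNames(html) {
  const tag = html.match(/<input\b[^>]*>/)[0];
  return [...tag.matchAll(/([\w-]+)="/g)].map((m) => m[1]);
}

// Constructed, inert probe: a quote followed by a harmless data attribute.
const PROBE = 'shoes" data-probe="1';

console.log(inputAttributeNames(renderSearchVulnerable(PROBE)));
console.log(inputAttributeNames(renderSearchHardened(PROBE)));
```

An extra attribute name in the output means user input escaped the quoted value, which makes the attribute count a usable regression test for templates like this one.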

Step-by-step walkthrough
// Objective

Break out of an HTML attribute value to inject an event handler and steal the session cookie containing the flag.

Toolkit: Browser