HACKR.GG
hackr.gg — ShopEasy Walkthrough
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

ShopEasy

XSS — Context Matters · Cross-Site Scripting (Attribute Context)
Difficulty
Easy
Vuln class
Cross-Site Scripting (Attribute Context)
Steps
3
// Objective
Break out of an HTML attribute value to inject an event handler and steal the session cookie containing the flag.
// Tools required
Browser
// Step-by-step walkthrough
1
Identify the reflection point
Search for a test string like "hackrtest". View source (Ctrl+U) and find where it appears. Notice it lands inside value="" on a hidden input — not in the page body.
Command / Input
http://localhost:$PORT/?q=hackrtest
The body text uses HTML encoding (safe), but the input value attribute does not.
2
Break out of the attribute
The value is delimited by double quotes. Inject a closing quote, then an event handler, then reopen the attribute to keep the tag valid.
Command / Input
http://localhost:$PORT/?q=" onmouseover="alert(document.cookie)
This turns the tag into: <input value="" onmouseover="alert(document.cookie)" ...>
3
Trigger the payload and read the flag
Submit the search, then hover your mouse over the search input box. The alert fires and shows the session cookie.
Output
HackrGG{4ttr_c0nt3xt_x55_br34k0ut}
// Flag
Flag value
HackrGG{4ttr_c0nt3xt_x55_br34k0ut}
Shown in the session cookie when your attribute-context XSS payload fires.
hackr.gg · Cybersecurity Education PlatformEducational use only · Do not distribute