I am working on a school assignment. There are a few tasks I need to complete that I've been stuck on for quite some time now. These goals are a little more complicated than the problem I will lay out, but it will solve the underlying issue that I can't seem to figure out. Any help would be greatly appreciated.
Essentially, I have an HTML file and there is a vulnerable fake website hosted on my VM. It is essentially a login page through the Iceweasel web browser. I have found the vulnerability, as one of the fields simply echoes the POST value. The user opens my page and it simply makes a POST request to the fake website, and I insert the script inside the value property of said input, which looks something like this:
<input type="someType" name="someName" value=""/><script>alert('Hello');</script>">
The problem I am having is that this alert is happening on my webpage and I want it to execute the alert after the vulnerable webpage is loaded. Does anyone know how to accomplish such a feat?
Edit Part 3 (solved 2 myself finally):
Once I followed your suggestion of escaping the double quotes and < and > signs I was able to successfully get the alert to execute on the vulnerable web page. I was also successful in sending a function through the script (Part 2); it was another syntax error.
The next part I am dealing with is that I don't want the user to see the "> that is printed to the page when it loads. Is there a way to get rid of that text?
For example:
<input type="someType" name="someName"
value="""/><script>alert('Hello');</script>"/>
The "> is printed to the page. How do I get rid of that/hide it?
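From the defender's side, the echo described in the question is closed by HTML-encoding the value where it is written into the attribute. The following is an added example, not part of the original post or of the assignment's site: the template string, the function names and the use of Python's `html.escape` are assumptions, and the payload is the constructed sample from the question. It parses both renderings to show which elements and stray text each one produces.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: the value from the question's second snippet.
PAYLOAD = "\"/><script>alert('Hello');</script>"

# Assumed server-side template for the echoing field (hypothetical).
TEMPLATE = '<input type="someType" name="someName" value="{}"/>'

def render_vulnerable(value):
    """Echo the POST value into the attribute with no encoding."""
    return TEMPLATE.format(value)

def render_escaped(value):
    """Same echo, encoding & < > " ' so the value cannot close the attribute."""
    return TEMPLATE.format(html.escape(value, quote=True))

class Outline(HTMLParser):
    """Collects the elements, the input's value and the visible text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text, self.value, self.in_script = [], [], None, False

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.in_script = tag == "script"
        if tag == "input":
            self.value = dict(attrs).get("value")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if not self.in_script:  # script source is executed, not displayed
            self.text.append(data)

def outline(fragment):
    parser = Outline()
    parser.feed(fragment)
    parser.close()
    return {"tags": parser.tags, "value": parser.value,
            "text": "".join(parser.text)}

if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        print(render.__name__, outline(render(PAYLOAD)))
```

In the unencoded rendering the template's own closing characters are left over as page text, which is a visible indicator of the injection; in the encoded rendering the whole payload stays inside the `value` attribute as inert data.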