Security level: low
We have option to select language and value is reflected in GET parameter default=English.
payload=<script>alert(document.cookie);</script>
using this it will trigger an alert pop up with cookie values.
Security level: medium
we are stuck inside option tag so we have escape that and we can’t use script tag because that is blocked so we use image tag.
payload=" ></option></select><img src=x onerror="alert(document.cookie)">
Security level: high
This time server is using whitelist we can bypass that by puting our payload after #
because anything after #
is not sent to
server but still reflecting on the page.
payload=#<script>alert(document.cookie);</script>
Happy Hacking