XSS using HTML 5 Event Handlers

I recently had some luck using HTML 5 event handlers to exploit XSS. This post includes some of the outcomes and a bit of how to replicate the steps using Burp Suite's Intruder using some wordlists stuck at the end of this post. The target had attempted to use blacklisting to prevent dangerous tags and… Continue reading XSS using HTML 5 Event Handlers