Exploit XSS in hidden input field

The Burp team found a new way to exploit XSS in hidden input fields. The key point is to use the accesskey attribute to trigger the onclick event.

<input type="hidden" accesskey="X" onclick="alert(1)">

Details can be found at http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.htm
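
The attributes above only reach the tag when a reflected value is allowed to close the value attribute of the hidden input. The following is an added example, not code from the original post or from PortSwigger: it renders a hidden field without and with attribute encoding and lists which attributes end up on the tag, a check that can serve as a regression test. The function names, the `token` field name and the sample input are constructed for illustration.

```javascript
// Added example; all names here are hypothetical.

// Encode the characters that can end or break out of a quoted attribute value.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Vulnerable form: the value is concatenated into the attribute as-is.
function renderHiddenUnsafe(name, value) {
  return '<input type="hidden" name="' + name + '" value="' + value + '">';
}

// Hardened form: name and value are encoded for the attribute context.
function renderHiddenSafe(name, value) {
  return '<input type="hidden" name="' + escapeAttr(name) +
         '" value="' + escapeAttr(value) + '">';
}

// Minimal attribute lister for one tag string (not a full HTML parser).
function attributeNames(tag) {
  const inner = tag.replace(/^<\s*[a-zA-Z0-9]+/, "").replace(/\/?>\s*$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Attributes the template is supposed to emit; anything else was injected.
const EXPECTED = new Set(["type", "name", "value"]);
function unexpectedAttributes(tag) {
  return attributeNames(tag).filter((n) => !EXPECTED.has(n));
}

// Constructed input: a reflected parameter carrying the attributes from the post.
const sample = 'x" accesskey="X" onclick="alert(1)';

console.log(unexpectedAttributes(renderHiddenUnsafe("token", sample)));
console.log(unexpectedAttributes(renderHiddenSafe("token", sample)));
```

With encoding applied, the whole input stays inside the value attribute and no event handler is attached to the element.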
