XSS in hidden input field

Methodology:

  1. Using type=”hidden” attribute inside an <input> tag.
  2. Putting the <input> tag inside another element and setting its style to display:none

How did I perform the XSS?

developers wondering how I got inside 😂

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Faizan Elahi

Faizan Elahi

Security Researcher| Bug-crowd | Synack SRT member