
XSS in <span> where only < and > are encoded

Çağlar Arlı - 14 Views


When I'm doing a pentest, I noticed the application takes the user input and puts it in a tag. When I used the string '';!--"<XSS>=&{()}, I noticed the returned output (when viewing the page source) is '';!--"&lt;XSS&gt;=&amp;{()},. I think that means only <, > and & are encoded.

Another instance I found is user input reflected in an HTML attribute of title="USER INPUT". In this context, however, only " and & are filtered.

I'm having some trouble coming up with a payload that will demonstrate the XSS possibility. Any suggestions? So far I've tried URL encoding; however, it's still encoded when viewing the source.
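As an added defender-side example (not code from the question's author or the application discussed): a Python encoder that applies full HTML entity encoding to the probe string from the question in both contexts it describes, a span body and a double-quoted title attribute, then parses the result with the standard library's html.parser to confirm the input stayed inside the text node and the attribute value without creating any new tag. The div wrapper for the title attribute is an assumption made for the check.

```python
import html
from html.parser import HTMLParser

# Probe string from the question (constructed here as a Python literal).
PROBE = "'';!--\"<XSS>=&{()}"


def render(user_input: str) -> str:
    """Build the two fragments from the question with full HTML encoding.
    html.escape(quote=True) encodes & < > " and ', so one routine is safe
    for both a text node and a quoted attribute value."""
    safe = html.escape(user_input, quote=True)
    # The <div title=...> element is an assumed stand-in for the page's attribute context.
    return f'<span>{safe}</span><div title="{safe}">x</div>'


class _Collector(HTMLParser):
    """Records every start tag (with decoded attributes) and every text node."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []   # list of (tag name, attribute dict)
        self.text = []   # text node contents, entities already decoded

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def containment_check(user_input: str) -> dict:
    """Parse the rendered fragment and report whether the input stayed inside
    the span's text node and the div's title attribute. Any tag name beyond
    'span' and 'div' would mean the encoding let markup through."""
    parser = _Collector()
    parser.feed(render(user_input))
    parser.close()
    tag_names = [name for name, _ in parser.tags]
    title = next((a.get("title") for name, a in parser.tags if name == "div"), None)
    span_text = parser.text[0] if parser.text else ""
    return {
        "tags": tag_names,
        "span_text": span_text,
        "title": title,
        "contained": tag_names == ["span", "div"]
        and span_text == user_input
        and title == user_input,
    }
```

The check decodes entities the way a browser would, so `span_text` and `title` equal the original probe while `tags` shows no element other than the two wrappers was created.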