X corp made a new filtration for input data, prove it is secure enough.
Challenge Link: https://cybertalents.com/challenges/web/x-corp
It an easy challenge will make you encounter with a reflected XSS vulnerability.
First, you have a parameter called name which the only one in the page. we can add a random value and see where it reflects.
we notice here that our payload is reflected in an image attribute and also it missing a single quote.
What we can do here to trigger an XSS simply we can fix the tag and our own attribute.
And we will get the flag once we trigger the alert.