Hello everyone,
I just ended the XSS module spending several hours on it due to some misunderstanding.
During my experience, could you please explain me why:
- in Session Hijacking section, if I give a look on page source, I see that the
<input>arguments likename,placeholder… have the single quotes among the value inside, for example:
<input name='username' placeholder='Username' type='text'>
but when you must inject the code, it works if you start the injection with a double quotes">and does not work with a single quote'>. Why? Looking the page source should not be more correct with'>since the values of the arguments above are between single quotes? - Why if I start a PHP server on port 8081 my injection does not work while if I start on port 8080 it works?
Thank you in advance