Web - Client

Hi guys.

I am completely stuck with this challenge.
I made payload with "mousexxx" events which executes in my browser. I tried all of them, but bot doesn’t trigger any of it.

Give me a tip please.

I’m stuck too, I have a payload working but admin not triggering.

I saw this tip in an old post:
"Some XSS which works on your browser will not be execute by the bot. There is only one XSS available. The bot is CasperJS. You can install it to test your payload if you want."

But haven’t dug into it yet. Would love a hint too if anyone has some progress

Did u figure it out?

for me I use the animation event, it works for any [Ech0 : no swearing please] types of browser, but not for the [Ech0 : no swearing please] bot

[Ech0 : no swearing please]
hint for u: don’t overlook, find the tag and event that are not filtered

is it onclick

No. Your payload must be stand-alone and not require user interaction

I tried all these and still it doesnt work

[Th1b4ud : spoil event]

Too bad because one of them is very interesting ;)

Lol this challenge is annoying, I cant figure it out.

I FINNALY GOT IT!!!!! lol 😎