I was looking for XSS vulnerabilities in a bitcoin exchange and came across a URL like:
I tried the standard cheat sheet to check for vulns in the ‘amount’ parameter, which was being directly displayed in the webpage. But it had a heavy Cloudflare WAF and I kept getting a 403 error. Now I modified it as:
Now, I was able to make the content of ‘amount’ columns as -prompt
1-. But I can’t make a pop-up appear. Is this page vulnerable to XSS? How to exploit it?