Hello Pentesters, today I am going to post another solution to the task provided at Javascript for Pentester at Pentester Academy. The task is easy, we have to change the only image provided on the targeted page. You can view solutions to the other tasks here.

Task 11: Replace Banner Image | Task Link

This task is of level easy, we can do it with ease. The task is to replace the pentester academy image with our own or any.
Solution:
First find our injection point, by entering some random text into the input field, we will notice that the text gets reflected on the page and then try some injection to be sure of XSS is working.

<script>
var image = document.getElementsByTagName('img')[0].src="https://www.javatpoint.com/images/javascript/javascript_logo.png";
</script>

Copy and URL-encode the code and paste it after the ’url’ parameter on the same page and send it to your victim. The code will go and get the element by tag name img and then change its source to our custom source URL.
That’s all. Refer this post as a quick solution for the Javascript for Pentester tasks. For an in-depth video tutorial, please refer to the video solutions provided at Pentester Academy website.