Intigriti 
Can you spot the vulnerability? π
Show us how you'd steal your victim's API key in the comments π
The best explanation gets a 25β¬ SWAG voucher!π«
Patrick $8 @Intigriti Phishing link with modified icon parameter. Inject additional attributes into the link element as space is probably not disallowed by htmlspecialcharacters. Without reading the docs I donβt know what else
@Intigriti onload or another JS code attribute with a Beef hook probably