A page with a password submission form is vulnerable to XSS.
Your objective is to change the action of the resulting form to point to a different location so that the password is not submitted to the normal place.
(Note: Some browsers have anti-XSS protections which prevent this from working. Try using Firefox, Safari, or old versions of Internet Explorer.)
PARAMETERS:
Injection Type - Injection into HTML body
Sanitization - None