# JavaScript Execution XS Leak
{{#include ../../banners/hacktricks-training.md}}
```javascript
// Code that will try ${guess} as flag (need rest of the server code
app.get("/guessing", function (req, res) {
let guess = req.query.guess
let page = `
hello2
`
res.send(page)
})
```
Main page that generates iframes to the previous `/guessing` page to test each possibility
```html
hello
```
{{#include ../../banners/hacktricks-training.md}}