Instruction
This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.
To solve the lab, perform a cross-site scripting attack that calls the alert function.
Solution
- Search for any keyword using the search form.
- Notice that the URL changes to
  https://0a5f00c503561fcf843f90e5009d00cb.web-security-academy.net/?search=mysearchword
- Search again using the value
  <script>alert('hello')</script>
  and search.
- The URL changes to the following and the alert shows up:
  https://0a5f00c503561fcf843f90e5009d00cb.web-security-academy.net/?search=%3Cscript%3Ealert(%27hello%27)%3C/script%3E
- Solved.
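
Why the alert fires, and how output encoding stops it, as an added example that is not part of the original write-up or the lab's own code. It assumes the server writes the decoded search term into the results page HTML unchanged; the function names and the results heading markup are hypothetical.

```javascript
// Added example: hypothetical server-side rendering of a search results page.

// HTML-encode the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Extract and percent-decode the `search` parameter, as a web framework would
// before handing the value to the page template.
function getSearchTerm(queryString) {
  return new URLSearchParams(queryString).get("search") ?? "";
}

// Vulnerable pattern: the decoded term is concatenated into the markup as-is,
// so any tags it contains become part of the document the browser parses.
function renderVulnerable(term) {
  return `<h1>0 search results for '${term}'</h1>`;
}

// Hardened pattern: the term is HTML-encoded at the point of output,
// so the browser displays it as text instead of parsing it as markup.
function renderEncoded(term) {
  return `<h1>0 search results for '${escapeHtml(term)}'</h1>`;
}

// Query string taken from the final URL in the write-up above.
const query = "?search=%3Cscript%3Ealert(%27hello%27)%3C/script%3E";
const term = getSearchTerm(query);

console.log("decoded term :", term);
console.log("vulnerable   :", renderVulnerable(term));
console.log("encoded      :", renderEncoded(term));
```

The percent-encoding in the URL is undone before the value reaches the template, which is why URL encoding by the browser is not a defence here; the encoding has to happen when the value is written into HTML.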