LAB 12 - Reflected DOM XSS

Initial instructions

This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response. A script on the page then processes the reflected data in an unsafe way, ultimately writing it to a dangerous sink.

To solve this lab, create an injection that calls the alert() function.

To complete this lab I used the following XSS payload.

\"-alert(1)}//

So I entered this payload into the search bar and clicked Search.

And our malicious payload got triggered.

Congratulations, you solved the lab!
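
Why a payload of this shape fires, and what stops it, as an added example that is not part of the original write-up or the lab's own code. It assumes the server reflects the search term into a JSON response while escaping only double quotes, and that the page script evaluates that response as JavaScript; all function names are hypothetical, and alert is replaced by a counting stub so the block runs under Node.

```javascript
// Assumed weak server: escapes double quotes only, backslashes pass through.
function weakServerEcho(term) {
  return '{"results":[],"searchTerm":"' + term.replace(/"/g, '\\"') + '"}';
}

// Hardened server: JSON.stringify escapes backslashes, quotes and controls.
function safeServerEcho(term) {
  return JSON.stringify({ results: [], searchTerm: term });
}

// Assumed unsafe client: treats the response body as JavaScript source
// (an eval-style sink). Returns how many times the alert stub was called.
function unsafeClient(body) {
  let calls = 0;
  const alertStub = () => { calls += 1; return 0; };
  try {
    new Function('alert', 'return ' + body)(alertStub);
  } catch (e) {
    // A body that is not valid JavaScript simply fails to evaluate.
  }
  return calls;
}

// Hardened client: parses the body as data only; anything else throws.
function safeClient(body) {
  return JSON.parse(body).searchTerm;
}

// The payload from the write-up: \"-alert(1)}//
const payload = '\\"-alert(1)}//';

function demo() {
  const weakBody = weakServerEcho(payload); // ..."searchTerm":"\\"-alert(1)}//"}
  const safeBody = safeServerEcho(payload); // ..."searchTerm":"\\\"-alert(1)}//"}
  let weakBodyIsJson = true;
  try { safeClient(weakBody); } catch (e) { weakBodyIsJson = false; }
  return {
    weakBody,
    safeBody,
    weakServerUnsafeClient: unsafeClient(weakBody), // string closed early, code runs
    safeServerUnsafeClient: unsafeClient(safeBody), // payload stays inside the string
    weakBodyIsJson,                                 // JSON.parse rejects the weak body
    roundTrip: safeClient(safeBody),                // payload returned as inert text
  };
}

console.log(demo());
```

The payload's leading backslash pairs with the backslash the weak server adds before the quote, so the quote ends the string; either fix on its own (full escaping on the server, or JSON.parse instead of evaluation on the client) keeps the input as data.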