
LAB 17 - Reflected XSS in canonical link tag

Initial instructions

To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function.

To assist with your exploit, you can assume that the simulated user will press the following key combinations: ALT+SHIFT+X, CTRL+ALT+X, Alt+X

Please note that the intended solution to this lab is only possible in Chrome.

To complete this lab I used the following XSS payload.

?'accesskey='x'onclick='alert(1)

So I entered this payload into the URL.


Congratulations, you solved the lab!
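
Why the payload adds attributes to the canonical link tag, and how attribute encoding stops it, as an added example that is not part of the original write-up or the lab's own code. It assumes the home page reflects the request URL into a single-quoted href; BASE, the function names and the small attribute scanner are hypothetical.

```javascript
// Constructed placeholder origin (assumption, not from the lab).
const BASE = 'https://shop.example';
// The write-up's payload, appended to the home page path.
const PAYLOAD = "/?'accesskey='x'onclick='alert(1)";

// Vulnerable pattern (assumed): the URL lands in a single-quoted
// attribute without encoding, so a ' in the URL ends the href value.
function canonicalVulnerable(requestUrl) {
  return "<link rel=\"canonical\" href='" + BASE + requestUrl + "'/>";
}

// Encode every character that can close an attribute value or open markup.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: encoded value inside a quoted attribute.
function canonicalHardened(requestUrl) {
  return '<link rel="canonical" href="' + escapeAttr(BASE + requestUrl) + '"/>';
}

// Minimal scanner for one tag: returns the attribute names a lenient
// HTML parser would see (enough for this check, not a full parser).
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/\/?>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Unencoded output: rel, href, accesskey, onclick
console.log(attributeNames(canonicalVulnerable(PAYLOAD)).join(', '));
// Encoded output: rel, href
console.log(attributeNames(canonicalHardened(PAYLOAD)).join(', '));
```

With encoding in place the quotes arrive as `&#39;` inside the href value, so the tag keeps only its two intended attributes.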