LAB 18 - Reflected XSS into a JavaScript string with single quote and backslash escaped

Initial instructions

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality. The reflection occurs inside a JavaScript string with single quotes and backslashes escaped.

To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function.

To complete this lab I used the following XSS payload.

</script><script>alert(1)</script>

So I entered this payload into the search bar and clicked Search.

And then it triggered the XSS payload.

This worked because we closed another script tag and then injected our one.

Congratulations, you solved the lab!