LAB 19 - Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Initial instructions

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double are HTML encoded and single quotes are escaped.

To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function.

To complete this lab I used this XSS payload.

\'-alert(1)//

So I entered this payload into the search bar and clicked Search.

And it got triggered.

This worked because the single quotes were getting backslash-escaped and I could craft a malicious XSS payload to inject it.

Congratulations, you solved the lab!