LAB 7 - Reflected XSS into attribute with angle brackets HTML-encoded

Initial instructions

This lab contains a reflected cross-site scripting vulnerability in the search blog functionality where angle brackets are HTML-encoded. To solve this lab, perform a cross-site scripting attack that injects an attribute and calls the alert function.

To complete this lab I used the following XSS payload.

"onmouseover="alert(1)

So I entered this payload into the search bar and clicked Search.

To trigger the XSS, we need to move the mouse.

Congratulations, you solved the lab!
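
Why encoding only angle brackets is not enough in an attribute context, and the encoding that closes the gap, as an added example that is not part of the original write-up or the lab's own code. It assumes the search term is reflected into a double-quoted `value` attribute of an `<input>`; `renderSearchBox`, both encoder functions, `attributeNames` and `injectedHandlers` are hypothetical names.

```javascript
// Added example. Assumption: the search term is reflected into a
// double-quoted value attribute. All names here are hypothetical.

// Encoder matching the lab description: only angle brackets are encoded.
function encodeAngleBracketsOnly(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Attribute-safe encoder: also encodes &, double and single quotes.
function encodeForAttribute(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

function renderSearchBox(term, encode) {
  return `<input type="text" name="search" value="${encode(term)}">`;
}

// Simplified attribute tokenizer for one tag (not a full HTML parser):
// returns the attribute names a browser would see.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Event-handler attributes (on*) that ended up in the rendered tag.
function injectedHandlers(tag) {
  return attributeNames(tag).filter((n) => n.startsWith("on"));
}

const term = '"onmouseover="alert(1)'; // payload quoted on this page
const weak = renderSearchBox(term, encodeAngleBracketsOnly);
const safe = renderSearchBox(term, encodeForAttribute);
console.log(weak, injectedHandlers(weak)); // quote closes value early
console.log(safe, injectedHandlers(safe)); // term stays inside value
```

The same `injectedHandlers` check can be used in a unit test for any template helper that writes user input into an attribute.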