LAB 9 - Reflected XSS into a JavaScript string with angle brackets HTML encoded
Initial instructions
This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets are encoded. The reflection occurs inside a JavaScript string. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function.
To complete this lab I used the following XSS payload.
So I entered this payload into the search bar and clicked Search.

And it will trigger the XSS successfully.
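Why encoding only angle brackets does not protect a value reflected inside a JavaScript string, and the context-aware encoding that does, shown as an added example that is not part of the original write-up or the lab's own code. The `searchTerms` variable name, the `render` helper and the sample input are assumptions constructed for illustration.

```javascript
// Added example: all names and the sample input are constructed, not taken from the lab.

// Weak encoder matching the lab description: only angle brackets are HTML-encoded.
// Quotes and backslashes pass through untouched.
function encodeAngleBrackets(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Encoder for a JavaScript string-literal context: everything except ASCII
// alphanumerics and spaces becomes a \uXXXX escape, so quotes, backslashes,
// line terminators and "</script>" cannot end the string or the script block.
function encodeForJsString(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    out += /[A-Za-z0-9 ]/.test(ch)
      ? ch
      : '\\u' + s.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// Hypothetical server-side template: the search term is reflected into a
// single-quoted string inside an inline <script> block.
function render(encoder, input) {
  return "var searchTerms = '" + encoder(input) + "';";
}

// True when the first unescaped quote after the opening quote is the intended
// closing quote, i.e. the reflected input never left the string literal.
function staysInsideString(statement) {
  const start = statement.indexOf("'") + 1;
  for (let i = start; i < statement.length; i++) {
    if (statement[i] === '\\') { i++; continue; } // skip the escaped character
    if (statement[i] === "'") return i === statement.length - 2; // expect "';" at the end
  }
  return false;
}

// Benign constructed input: an apostrophe plus angle brackets.
const sample = "O'Reilly <b>";
console.log(render(encodeAngleBrackets, sample), staysInsideString(render(encodeAngleBrackets, sample)));
console.log(render(encodeForJsString, sample), staysInsideString(render(encodeForJsString, sample)));
```

With the weak encoder the apostrophe closes the string early, so whatever follows it is parsed as code; with the string-context encoder the same input remains data and evaluates back to the original value.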
