Reflected XSS into HTML context with nothing encoded

Description

This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.

To solve the lab, perform a cross-site scripting attack that calls the alert function.

Approach

After accessing the lab, I immediately noticed a search functionality that takes user input. To test for XSS vulnerabilities, I started with some basic HTML tag injection to observe any abnormal output.

First, I injected a payload that displays the word "hacker" in bold:

<b>hacker</b>

The response was:

0 search results for 'hacker'

This indicated that my HTML tag was rendered as markup rather than displayed as text, suggesting that the input is reflected into the page without encoding. Based on this, I proceeded to inject a script payload to pop an alert:

<script>alert(1);</script>

When I submitted this payload, I received the alert, confirming the XSS vulnerability. With that, the lab was solved.
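As an added illustration (not the lab's own code), the following constructed stand-in for the search page's server-side rendering shows the unencoded reflection the lab exhibits beside the HTML-entity-encoded fix, plus a small check that flags when a tag from the input survives verbatim in the response. The template, function names and regex are assumptions.

```python
import html
import re

# Constructed stand-in for the lab's search page: the query string is
# reflected into the results heading. Not the lab's real code.
TEMPLATE = (
    "<section class=\"blog-header\">"
    "<h1>{count} search results for '{query}'</h1>"
    "</section>"
)


def render_vulnerable(query: str, count: int = 0) -> str:
    """Reflects the raw query into HTML: the defect the lab exhibits."""
    return TEMPLATE.format(count=count, query=query)


def render_fixed(query: str, count: int = 0) -> str:
    """Contextual output encoding for an HTML text node.

    html.escape turns <, >, & and both quote characters into entities,
    so browser-parsed markup in the query is displayed as literal text.
    """
    return TEMPLATE.format(count=count, query=html.escape(query, quote=True))


# Matches an HTML start or end tag such as <b>, </b> or <script>.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def reflects_markup(query: str, response: str) -> bool:
    """Detection-style check used when reviewing a response.

    Returns True if any tag present in the submitted query appears
    unchanged in the response body, i.e. it was reflected unencoded.
    """
    return any(tag in response for tag in TAG_RE.findall(query))


if __name__ == "__main__":
    # The two probes from the write-up, constructed inline.
    for probe in ["<b>hacker</b>", "<script>alert(1);</script>"]:
        print("vulnerable reflects markup:", reflects_markup(probe, render_vulnerable(probe)))
        print("fixed reflects markup:     ", reflects_markup(probe, render_fixed(probe)))
```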