# 18) Reflected XSS into a JavaScript string with single quote and backslash escaped

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FxIt2VH4EDkGr4NZK8oVn%2Fimage.png?alt=media&#x26;token=ebabe7bb-75d0-4103-a6ba-6a532a5a17ab" alt=""><figcaption></figcaption></figure></div>

#### Locate possible injection points

As usual the first step is to analyse the application, we have a search functionnality so let's search for random string and then open the developer tools and find where the user input is located in the html

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FZMts6cSJfg397ZBTExdg%2Fimage.png?alt=media&#x26;token=163c8209-3dfb-4c2c-8feb-bd6f68730339" alt=""><figcaption></figcaption></figure></div>

since the single quote and backslash escaped preventing us from breaking out of the string. we will try to do another attack vecor which is trying to close the script tag and include our own script tag

### <mark style="color:blue;">Payload</mark>

```
</script><script>alert(1)</script>
```

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FDGgCocs91bMHjQGPhgmN%2Fimage.png?alt=media&#x26;token=8a04515a-f604-4304-b38c-1267de944473" alt=""><figcaption></figcaption></figure></div>

and we have successfully managed to trigger an alert

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FzQpJbprYgTShrq5T4CAN%2Fimage.png?alt=media&#x26;token=5d972a07-a2aa-4622-8112-0865d59556e3" alt=""><figcaption></figcaption></figure></div>

and we have successfully managed to trigger an alert

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FsliyQziEYhGneY7bhjkr%2Fimage.png?alt=media&#x26;token=37602f2d-1d5d-425f-82e4-b9cdcfd4a2ee" alt=""><figcaption></figcaption></figure></div>

and we have solved the lab

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FgVq46UFbxO49xwFNM7Nw%2Fimage.png?alt=media&#x26;token=2cf2ed0a-fc80-487d-88c4-1adb65660458" alt=""><figcaption></figcaption></figure></div>