18) Reflected XSS into a JavaScript string with single quote and backslash escaped

Locate possible injection points

As usual, the first step is to analyse the application. It has a search functionality, so let's search for a random string, then open the developer tools and find where the user input lands in the HTML.

Since the single quote and backslash are escaped, we cannot break out of the string. Instead, we try another attack vector: closing the script tag and including our own script tag. This works because the browser's HTML parser looks for the closing script tag before any JavaScript is parsed, so the tag ends the script block even though it sits inside a JavaScript string.

Payload

</script><script>alert(1)</script>

We have successfully managed to trigger an alert, and we have solved the lab.
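Why the quote-and-backslash escaping is not enough, and one way to close the gap, as an added example that is not part of the original write-up or the lab's code. The template, the `searchTerms` variable and all function names are assumptions made for illustration.

```javascript
// Escaping as named in the lab title: only backslash and single quote.
function escapeQuoteAndBackslash(s) {
  return s.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
}

// Hardened form: also write characters the HTML parser reacts to as \uXXXX escapes.
// The JavaScript string keeps the same value, but the page never spells "</script".
function escapeForInlineScript(s) {
  return escapeQuoteAndBackslash(s).replace(/[<>&\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical server-side template that reflects the search term into a JS string.
function renderSearchPage(term, escapeFn) {
  return "<script>var searchTerms = '" + escapeFn(term) + "';</script>";
}

// The HTML tokenizer ends a script element at the first "</script" followed by
// whitespace, "/" or ">", with no knowledge of JavaScript string context.
// Returns the script body exactly as the browser would hand it to the JS engine.
function scriptBodySeenByHtmlParser(html) {
  const start = html.indexOf('<script>') + '<script>'.length;
  const rest = html.slice(start);
  const end = rest.search(/<\/script[\s\/>]/i);
  return end < 0 ? rest : rest.slice(0, end);
}

// Evaluates the script body and returns the reflected string, or null when the
// body is not valid JavaScript (for example, an unterminated string literal).
function reflectedValue(scriptBody) {
  try {
    return new Function(scriptBody + '\nreturn searchTerms;')();
  } catch (e) {
    return null;
  }
}

const input = '</script><script>alert(1)</script>'; // payload from the write-up

const weakBody = scriptBodySeenByHtmlParser(renderSearchPage(input, escapeQuoteAndBackslash));
const safeBody = scriptBodySeenByHtmlParser(renderSearchPage(input, escapeForInlineScript));

console.log('weak     :', JSON.stringify(weakBody), '->', reflectedValue(weakBody));
console.log('hardened :', JSON.stringify(safeBody), '->', reflectedValue(safeBody));
```

With the weak escaper the script block is cut off right after the opening quote and the rest of the input is parsed as HTML; with the hardened escaper the block stays intact and evaluates back to the original search term.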
