search
LinkedinGithub

21) Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

hashtag
Locate possible injection points

As usual the first step is to analyse the application, we have a search functionnality so let's search for random string and then open the developer tools and find where the user input is located in the html

as we see our input is reflected in a template literal

hashtag
template literal

JavaScript template literals are string literals that allow embedded JavaScript expressions. The embedded expressions are evaluated and are normally concatenated into the surrounding text. Template literals are encapsulated in backticks instead of normal quotation marks, and embedded expressions are identified using the ${...} syntax.

then you can use the following payload to execute JavaScript without terminating the template literal:

hashtag
payload

and we have solved the lab

Previous20) Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escapedNext22) Exploiting cross-site scripting to steal cookies

Last updated