9) Reflected XSS into a JavaScript string with angle brackets HTML encoded

Locate possible injection points
As usual, the first step is to analyse the application and the vulnerable feature. Searching for a term (foooo)
results in this HTML code that embeds the term within the document:

Trying to inject a payload shows that it is encoded.

Instead, let's try to escape the JavaScript string and execute an alert.

Replace your input with the following payload to break out of the JavaScript string and inject an alert:
'-alert(1)-'

And we have solved the lab.
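
Why the angle-bracket encoding did not stop the payload above, and what encoding for the JavaScript string context does instead, as an added example that is not the lab's own code. The function names and the `searchTerms` variable are assumptions made for illustration.

```javascript
// Added example; renderScript, searchTerms and the encoder names are
// assumptions, not code taken from the lab.

// The encoding the lab title describes: only angle brackets are HTML-encoded.
function encodeAngleBrackets(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Encoder for a JavaScript string context: every UTF-16 code unit outside
// [A-Za-z0-9] becomes \uXXXX, so quotes, backslashes, line terminators and
// angle brackets cannot end the literal or the script block.
function encodeForJsString(s) {
  return s.replace(/[^A-Za-z0-9]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Server-side template: the search term lands inside a single-quoted literal.
function renderScript(term, encoder) {
  return "var searchTerms = '" + encoder(term) + "';";
}

// Walk the first single-quoted literal, honouring backslash escapes, and
// return whatever follows its closing quote. Anything other than ";" means
// part of the input is being parsed as code rather than data.
function codeAfterLiteral(script) {
  let i = script.indexOf("'") + 1;
  while (i < script.length && script[i] !== "'") {
    i += script[i] === '\\' ? 2 : 1;
  }
  return script.slice(i + 1);
}

const payload = "'-alert(1)-'"; // payload from the walkthrough above
for (const [name, enc] of [['angle brackets only', encodeAngleBrackets],
                           ['JS string escaping', encodeForJsString]]) {
  const script = renderScript(payload, enc);
  const rest = codeAfterLiteral(script);
  console.log(`${name}: ${script}`);
  console.log(rest === ';' ? '  input stayed inside the literal'
                           : `  input parsed as code: ${rest}`);
}
```

The same `codeAfterLiteral` check can be run over rendered responses in a regression test to confirm that a reflected value never terminates the literal it is placed in.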
