Burp Suite Academy lab – Reflected XSS into HTML context with nothing encoded

Today we start a new series of CTF lab solutions, beginning with the labs from the Burp Suite Academy at portswigger.net.


This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.
To solve the lab, perform a cross-site scripting attack that calls the alert function.
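
What "reflected into HTML context with nothing encoded" means on the server side, shown next to the encoded form that closes the hole. This is an added example, not the lab's source code: the function names, the results heading text and the probe string are assumptions made for illustration.

```javascript
// Hypothetical search-results renderer (constructed for illustration).

// Vulnerable: the search term is concatenated into the HTML with nothing
// encoded, so any markup inside the term becomes part of the page.
function renderResultsUnencoded(term) {
  return `<section><h1>0 search results for '${term}'</h1></section>`;
}

// HTML-encode the characters that are significant in element content and
// quoted attribute values. '&' is replaced first to avoid double encoding.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened: same page, but the term is encoded for the HTML context.
function renderResultsEncoded(term) {
  return `<section><h1>0 search results for '${escapeHtml(term)}'</h1></section>`;
}

// Review/test helper: true when a term containing HTML metacharacters
// comes back in the response byte-for-byte unchanged.
function reflectsUnencoded(term, html) {
  return /[<>"'&]/.test(term) && html.includes(term);
}

// Constructed sample input: harmless markup plus a quote and an ampersand.
const probe = "<i>probe</i> & 'quote'";

console.log(reflectsUnencoded(probe, renderResultsUnencoded(probe)));
console.log(reflectsUnencoded(probe, renderResultsEncoded(probe)));
console.log(renderResultsEncoded(probe));
```

The same helper works as a regression test: run it against the rendered response for every parameter that is echoed back into the page.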


The lab’s URL is always a random series of characters followed by the domain web-security-academy.net.
In this case, this is our address:


