Burp Suite Academy lab – Reflected XSS into HTML context with nothing encoded

Today we start a new series of CTF lab solutions, beginning with the labs from the Burp Suite Academy at portswigger.net.

Objective:

This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.
To solve the lab, perform a cross-site scripting attack that calls the alert function.

Solution:

The lab’s URL is always a random series of characters followed by the domain web-security-academy.net.
In this case, this is our address:

https://0a4400fd0474beb1c05d5336002300f2.web-security-academy.net/
