Lab: Reflected XSS into HTML context with nothing encoded


Last updated 9 months ago

This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.

To solve the lab, perform a cross-site scripting attack that calls the alert function.

Solving

XSS (Cross-Site Scripting) is a way of injecting a malicious script into a web page. It might take the form of a comment under a blog post that looks like normal text but actually contains a malicious script. If another user clicks it, the browser runs the script as it was written, which leads to exploitation.

In this lab, it could take the form of a request URL that contains a malicious script.

As you can see here, the web provided by the lab contains a search box for users, let's try it out.

I searched for "test", and this is what I got. The interesting part is in the URL.

You can see that it follows this template:

https://<domain>/?search=test

We're going to inject an alert script by putting it in the request URL. I'm going to do it using Burp Suite.

This is the typical GET request to the server. Notice the ?search=test part we talked about earlier: we're going to sneak an alert script in there. And here's a helpful Stack Overflow post about creating a basic alert JavaScript script:

I'm going to put this alert script into the request URL, then forward it:

<script>alert('EXPLOITED');</script>

As you can see above, our script worked. If any other user clicks this request URL, or sends it to the server, it will run the script we wrote and show the alert in the browser: EXPLOITED. Note that this is only an example; a real-world script could do far more harm to your credentials and privacy.

And that's how we can finish this lab. Alternative ways:

  1. You don't have to use Burp Suite. You can just type the script into the URL bar yourself:

https://<domain>?search=<script-here>

  2. You can type the script into the search box.
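
Why the payload runs, and what fixes it on the server side, shown as an added example that is not part of the original writeup or the lab's own code. The handler, its HTML template and the `example.test` host are assumptions made up for illustration; only the `?search=` parameter and the alert payload come from the page.

```javascript
// Added example: a constructed search handler, not the lab's real server code.
// It reflects the ?search= value into HTML, first unencoded, then encoded.

// Pull the search term out of a request URL like the one in the writeup.
function searchTerm(requestUrl) {
  return new URL(requestUrl).searchParams.get('search') ?? '';
}

// VULNERABLE: the term is pasted into the HTML with nothing encoded,
// so any markup in it becomes part of the page.
function renderVulnerable(requestUrl) {
  const term = searchTerm(requestUrl);
  return `<h1>0 search results for '${term}'</h1>`;
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// FIXED: the same page, with the term HTML-encoded before it is reflected.
function renderSafe(requestUrl) {
  const term = searchTerm(requestUrl);
  return `<h1>0 search results for '${escapeHtml(term)}'</h1>`;
}

// Constructed request URL (example.test is a placeholder) carrying the writeup's payload.
const payload = "<script>alert('EXPLOITED');</script>";
const requestUrl = 'https://example.test/?search=' + encodeURIComponent(payload);

console.log(renderVulnerable(requestUrl)); // script tag reaches the browser as markup
console.log(renderSafe(requestUrl));       // script tag is shown as inert text
```

HTML-encoding is the right fix for this HTML-text context; a value reflected into an attribute, a script block or a URL needs the encoding for that context instead.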

Lab: Reflected XSS into HTML context with nothing encoded | Web Security Academy (WebSecAcademy)
Call Javascript function from a URL (Stack Overflow)
[Figure: Put a script into the request URL]