Solving Portswigger Academy: Reflected XSS into HTML context with nothing encoded

Vishal
Sep 25, 2024


This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.

To solve the lab, perform a cross-site scripting attack that calls the alert function.

I think this is the simplest lab to solve, where you just need to pop up an alert box.

When you visit the lab, you will see a search box. If you enter a string in the search box, it is reflected on the page.

To test whether tags are processed by the web app, I used a simple HTML <i> tag, and it was processed by the web app.

Now let’s test for XSS using a script tag and pop up the alert. As soon as I used the payload <script>alert('XSS detected')</script>, I got the pop-up.

Reflected XSS

This is how you are able to solve the lab.
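
Why both probes above render as markup, and what output encoding changes, shown as an added example (not code from this post or from the lab). The renderer functions and the page markup are hypothetical stand-ins for the lab's search handler.

```javascript
// Added illustration: hypothetical search-page renderers, not the lab's real code.

// Vulnerable: the search term is concatenated into the HTML with nothing
// encoded, so the browser parses any markup in it as part of the page.
function renderSearchVulnerable(term) {
  return `<section><h1>0 search results for '${term}'</h1></section>`;
}

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Single-pass replacement, so an '&' produced by one escape is never re-escaped.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: the term is HTML-encoded at the point of output, so it is
// displayed as text and never parsed as tags.
function renderSearchSafe(term) {
  return `<section><h1>0 search results for '${escapeHtml(term)}'</h1></section>`;
}

// Regression check: true when a probe containing angle brackets comes back
// in the response verbatim, i.e. the reflection is unencoded.
function reflectsRawMarkup(render, probe) {
  return /[<>]/.test(probe) && render(probe).includes(probe);
}

// The two inputs used in the walkthrough above.
const probes = ['<i>test</i>', "<script>alert('XSS detected')</script>"];
for (const probe of probes) {
  console.log(
    probe,
    '| vulnerable reflects raw:', reflectsRawMarkup(renderSearchVulnerable, probe),
    '| safe reflects raw:', reflectsRawMarkup(renderSearchSafe, probe)
  );
}
```

The same `reflectsRawMarkup` check can run in a test suite against any handler that echoes user input into an HTML body.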
