13.25 Lab: Reflected XSS in canonical link tag | 2024

7 months ago 62
BOOK THIS SPACE FOR AD
ARTICLE AD

This lab reflects user input in a canonical link tag and escapes angle brackets. To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function. Please note that the intended solution to this lab is only possible in Chrome | Karthikeyan Nagaraj

Karthikeyan Nagaraj

This lab reflects user input in a canonical link tag and escapes angle brackets.

To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function.

To assist with your exploit, you can assume that the simulated user will press the following key combinations:

ALT+SHIFT+XCTRL+ALT+XAlt+X

Please note that the intended solution to this lab is only possible in Chrome.

Visit the following URL, replacing YOUR-LAB-ID with your lab ID:
https://YOUR-LAB-ID.web-security-academy.net/?%27accesskey=%27x%27onclick=%27alert(1)This sets the X key as an access key for the whole page. When a user presses the access key, the alert function is called.To trigger the exploit on yourself, press one of the following key combinations:On Windows: ALT+SHIFT+XOn MacOS: CTRL+ALT+XOn Linux: Alt+X
Read Entire Article