13.27 Lab: Reflected XSS into a JavaScript string with a single quote and backslash-escaped



Karthikeyan Nagaraj

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality. The reflection occurs inside a JavaScript string with single quotes and backslashes escaped.

To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function.

1. Submit a random alphanumeric string in the search box, then use Burp Suite to intercept the search request and send it to Burp Repeater.
2. Observe that the random string has been reflected inside a JavaScript string.
3. Try sending the payload test'payload and observe that your single quote gets backslash-escaped, preventing you from breaking out of the string.
4. Replace your input with the following payload to break out of the script block and inject a new script:

   </script><script>alert(1)</script>

5. Verify the technique worked by right-clicking, selecting “Copy URL”, and pasting the URL in the browser. When you load the page it should trigger an alert.
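
The final payload works because the HTML parser ends the script block at the first `</script>` before the JavaScript string is ever parsed, so quote and backslash escaping never comes into play. The following added example (not from the lab or the original write-up) contrasts that escaping with a hardened encoder; the function names and the `searchTerms` snippet layout are assumptions.

```javascript
// Added example; function names and the snippet layout are assumptions.

// Escaping as the lab describes it: only backslash and single quote.
function escapeWeak(input) {
  return input.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
}

// Hardened: \uXXXX-escape every character that can end the string literal
// or that the HTML parser could read as markup.
function escapeForScriptString(input) {
  return input.replace(/[\\'"<>&\r\n\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Reflect the search term into an inline script (assumed page structure).
function renderSearchTracker(term, escapeFn) {
  return "<script>var searchTerms = '" + escapeFn(term) + "';</script>";
}

// Approximate the HTML tokenizer: script data ends at the first "</script"
// followed by whitespace, "/" or ">", regardless of JavaScript quoting.
function splitAtScriptEnd(html) {
  const rest = html.slice(html.indexOf('<script>') + '<script>'.length);
  const close = rest.search(/<\/script[\s/>]/i);
  return { body: rest.slice(0, close), tail: rest.slice(close) };
}

// True when the reflected value ends the script block early, leaving
// attacker-controlled markup after it.
function breaksOutOfScript(term, escapeFn) {
  const { tail } = splitAtScriptEnd(renderSearchTracker(term, escapeFn));
  return tail !== '</script>';
}

// Evaluate the script body to confirm the encoding preserves the value.
function decodedSearchTerm(term, escapeFn) {
  const { body } = splitAtScriptEnd(renderSearchTracker(term, escapeFn));
  return new Function(body + ' return searchTerms;')();
}

const payload = '</script><script>alert(1)</script>'; // payload from the write-up
console.log(breaksOutOfScript("test'payload", escapeWeak));     // quote is contained
console.log(breaksOutOfScript(payload, escapeWeak));            // script block ends early
console.log(breaksOutOfScript(payload, escapeForScriptString)); // contained
```

The hardened encoder keeps the search term's value intact for the tracking code while emitting no character the HTML parser treats as markup.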


Thank you for Reading!

Happy Ethical Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng
