Level 1: Reflected XSS into HTML context with nothing encoded
Objective
This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.
To solve the lab, perform a cross-site scripting attack that calls the alert function.
Explanation
In this lab, the application reflects user input directly into the page's HTML context without applying any output encoding or sanitization. When a user enters a search term, the term is embedded verbatim in the HTML response. Because the browser parses the reflected text as markup, injecting a script element causes the browser to execute it, which demonstrates the XSS vulnerability. Here we aim to execute an alert() function to confirm the successful exploitation.
Resolution
Navigate to the search functionality of the application.
In the search input field, enter the following payload:
<script>alert('XSS test')</script>
Press Enter to submit the search.
Upon submission, an alert box will appear, confirming the successful execution of the script.
You will then see the lab completion notification.
Mitigation
Always sanitize user input to prevent the injection of malicious scripts.
Encode output for the context it is reflected into (here, HTML-entity-encode the search term before placing it in the page body).
Use Content Security Policy (CSP) headers as defence in depth, so that even a reflected script element is not executed by the browser.
Implement input validation to reject or filter dangerous characters such as <, >, and '.
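The following is an added example, not code from the lab or from PortSwigger's application, showing the difference between the two reflection behaviours described above: a minimal search-results renderer that reflects the query verbatim (the lab's behaviour) beside one that HTML-entity-encodes it first. The renderer functions and the exact markup are assumptions made for illustration; only the reflection pattern matters.

```javascript
// Added example (not the lab's own code). renderUnsafe() reflects the search
// term verbatim, as the vulnerable page does; renderSafe() encodes it for the
// HTML context first. The markup is an assumed, simplified search page.

// Characters with special meaning in HTML. Encoding all five covers text
// content as well as double- and single-quoted attribute values, so the
// same function is safe to use in both positions.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Replace every special character with its entity. The ampersand is in the
// map too, so an already-encoded string is not double-decoded by the browser.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the query lands in the HTML body unencoded, so any
// markup in it is parsed as markup.
function renderUnsafe(query) {
  return `<h1>0 search results for '${query}'</h1>`;
}

// Hardened form: the query is entity-encoded before reflection, so the
// browser shows it as text and never creates a script element from it.
function renderSafe(query) {
  return `<h1>0 search results for '${escapeHtml(query)}'</h1>`;
}

// Cheap regression check for a template's unit tests: does the rendered
// page still contain the opening of a script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The lab's payload, used here only as constructed test input.
const LAB_PAYLOAD = "<script>alert('XSS test')</script>";

// Render both forms so the difference can be compared side by side.
function compareRenderings(query) {
  return {
    unsafe: renderUnsafe(query),
    safe: renderSafe(query),
    unsafeExecutes: containsScriptTag(renderUnsafe(query)),
    safeExecutes: containsScriptTag(renderSafe(query)),
  };
}
```

Calling compareRenderings(LAB_PAYLOAD) returns the unencoded page with a live script element and the encoded page where the same input is inert text. Output encoding is the primary fix; the CSP header from the mitigation list is a second layer that limits the damage if an encoding step is ever missed.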