mm0@home:~$


[XSS] Lab: Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped



So the website takes the input that we provide in the search query and places it within the context of an HTML tag as well as an img src tag and within a

So let's try to exploit the way this website is escaping our characters.

'\'' <-- Search term 

What happens is our first quote is 

By simply adding a \ before any quote we can escape it, tricking the program into providing two slashes, with them canceling each other out. Now, to run my own alert(1), I need to close this code with a semicolon ; and then just add alert(1).

Right now there is an error in our JavaScript code, because we can see that the document.write isn't executing.

This was the payload:

https://labID.web-security-academy.net/?search=\'; alert(1)//'

To bypass the error I simply added two forward slashes to comment out the rest of the JavaScript.
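Why the escaping fails and what a fix looks like, as an added example (not part of the original write-up and not the lab's own code): a flawed encoder that escapes `'` but not `\`, next to a hardened one that `\uXXXX`-escapes every non-alphanumeric character. The function names are hypothetical, and the assumption is that the server places the encoded value inside a single-quoted JavaScript string.

```javascript
// Added example; all function names are hypothetical.

// HTML-encode angle brackets and double quotes, as the lab title describes.
function htmlEncode(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Flawed: puts a backslash before ' but leaves an incoming backslash alone,
// so the input \' becomes \\' (an escaped backslash followed by a bare quote).
function flawedEncode(input) {
  return htmlEncode(input).replace(/'/g, "\\'");
}

// Hardened: emit every character outside [A-Za-z0-9] as a \uXXXX escape, so
// no quote, backslash, slash or angle bracket reaches the string literal raw.
function hardenedEncode(input) {
  return input.replace(/[^A-Za-z0-9]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Walk the encoded text the way a JS tokenizer reads a single-quoted string
// body: a backslash consumes the next character, a bare ' ends the literal.
// Returns the index where the literal is broken, or -1 if the text stays inside.
function stringBreakoutIndex(encoded) {
  for (let i = 0; i < encoded.length; i++) {
    if (encoded[i] === '\\') {
      // A trailing lone backslash would swallow the template's closing quote.
      if (i + 1 >= encoded.length) return i;
      i++; // skip the escaped character
      continue;
    }
    if (encoded[i] === "'") return i;
  }
  return -1;
}

// The search term from the payload above, written as a JS string.
const searchTerm = "\\'; alert(1)//'";

for (const [name, encode] of [['flawed', flawedEncode], ['hardened', hardenedEncode]]) {
  const out = encode(searchTerm);
  console.log(name.padEnd(8), JSON.stringify(out), 'breakout at', stringBreakoutIndex(out));
}
```

Running the scanner over both encoders' output in a unit test catches a regression where the backslash is no longer neutralised.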
