🧪 Lab Information

• Type: Reflected Cross-Site Scripting (XSS)
• Goal: Perform an XSS attack that runs the alert() function.

📋 Steps to Solve

• 🔍 Find the Reflection
  • Type any word in the search bar (example: test).
  • You will see that what you type appears in the page HTML (source code).
• 💡 Understand the Vulnerability
  • The input is shown directly inside an HTML element.
  • This makes it possible to insert JavaScript code (Reflected XSS).

💻 Create the Payload

• We close the current HTML tag and add our JavaScript:

   <h1>0 search results for 'test'</h1><script>alert("Xss Is Here")</script><!--'</h1>-->
  

🚀 Inject the Payload

• Put the payload in the search bar.

• In the HTML source, it will look like this:

  '</h1><script>alert("Xss Is Here")</script><!--
  

🎯 Result

• When the page loads, the alert will appear.
• Congrats You solved the lab 🎉