Hello Friends,

I’m Rem01x And I’m Currently Preparing For The eWPTX Exam So I Will Be Walking Through All PortSwigger Labs And Make Sure To Make Writeups For All Of Them.

Let’s Start Now.

Assume that we have this website.

As observed, we have a search box.

Now, Let’s try to search for anything.

For me, I searched for Rem01x, and it seems that our search was reflected on the screen.

Now, Let’s take a look at the code.

Please notice that there is a function called doSearchQuery() which will take a query as a parameter and then search for it.

First, the user searches for something. The website takes the search and saves it to a variable called query, then checks whether the query is found. After that check, the website calls the doSearchQuery() function and gives it the query that the user entered, without any input filtering.
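The flow described above, as an added example that is not the lab's own code: the unfiltered doSearchQuery() next to a version that escapes the query before it reaches the page. It assumes the query ends up in the page as HTML; the `search` parameter name, the `searchMessage` id and every function name other than doSearchQuery are hypothetical.

```javascript
// Added example, not the lab's code. Assumption: the query is written into
// the page as HTML (for instance through innerHTML).

// Take the search term from the URL query string (parameter name assumed).
function getQuery(search) {
  return new URLSearchParams(search).get('search');
}

// "Before": the query is concatenated into markup with no filtering,
// so any tags it contains become part of the document.
function doSearchQueryUnsafe(query) {
  return '<span id="searchMessage">' + query + '</span>';
}

// Escape the characters that are significant in HTML text and attributes.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "After": the query is escaped first, so it is displayed as plain text.
// In a browser, assigning to element.textContent has the same effect.
function doSearchQuerySafe(query) {
  return '<span id="searchMessage">' + escapeHtml(query) + '</span>';
}

// Same flow as the page: read the query, check it is present, then render.
function handleSearch(search, render) {
  const query = getQuery(search);
  return query ? render(query) : null;
}

// Crude check: count the opening tags an HTML parser would see.
function countElements(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed input: harmless markup is enough to show the difference.
const SAMPLE = '?search=' + encodeURIComponent('<b>Rem01x</b>');
console.log(handleSearch(SAMPLE, doSearchQueryUnsafe)); // <b> is parsed as a tag
console.log(handleSearch(SAMPLE, doSearchQuerySafe));   // <b> is shown as text
```
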

Now let’s try to enter malicious JavaScript code.