Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded

Hello Friends,

I’m Rem01x And I’m Currently Preparing For The eWPTX Exam So I Will Be Walking Through All PortSwigger Labs And Make Sure To Make Writeups For All Of Them.

Let’s Start Now.

Assume that we have this website.

Untitled

Please notice the search functionality.

let’s search for anything.

Untitled

Notice that our search reflected to the page.

Now, let’s inspect the source code.

Untitled

My name is reflected to a JavaScript code.

let’s try to breakout the code.

'-alert(1)-'

Untitled

Now, press search.