01 - Reflected XSS into HTML context with nothing encoded

This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function.

End goal : call alert function

Start the lab, in hompage there is a search functionality. if i search for a word 'cs' -

It get reflacted in the top of search input box

Now this time we have to search with the payload - <script>alert(1)</script>

After clicking on search button an alert get popped up -

That mean our script get excuted

Lab solved :

CAPA: The Basics01/02/25 ctf → thm → capa-the-basics

SQLMap: The Basics31/01/25 ctf → thm → sqlmap-the-basics

SQL Fundamentals31/01/25 ctf → thm → sql-fundamentals

Powershell30/01/25 programming → powershell