01 - Reflected XSS into HTML context with nothing encoded

This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function.

End goal : call alert function

Start the lab, in hompage there is a search functionality. if i search for a word 'cs' -

It get reflacted in the top of search input box

Now this time we have to search with the payload - <script>alert(1)</script>

After clicking on search button an alert get popped up -

That mean our script get excuted

Lab solved :