05 - DOM XSS in jQuery anchor href attribute sink using location.search source
To solve this lab, make the "back" link alert document.cookie.
Given XSS in submit feedback page
End goal call alert function
There is a back link in the bottom right of the submit feedback form. Inspect on the back link. In the code you will find that the href of the a tag (back) is changed with the value of ReturnPath from url parameter. Which means value of the parameter name - returnPath , is getting called when user click on back. We can call javascript protocol to run a alert function. Payload would be
Payload javascript:alert(document.cookie)

Change the value of ReturnPath and then click on the back link which is situated at the bottom right of submit form.
Lab solved -
(If you have any type of query / Question / suggestion .. feel free to ask below. We would be happy to connect you. Have a great day buddy!!)