In this post, we are going to solve the PortSwigger lab: “Reflected XSS into HTML context with nothing encoded”.

Lab homepage for Reflected XSS into HTML context

To solve the lab, we need to perform a Cross-site Scripting attack that calls the alert function.

When we enter the lab, we see a search field:

Initial view of the lab with search bar

Let’s try searching for anything:

Test search in the search bar

Search result showing the reflected term

If we look closely, the search term is reflected in the page returned by the site. Since, as the lab title says, nothing is encoded, we can try to inject JavaScript code using the onerror attribute of an <img> tag.

This way, if the browser fails to load the image specified in the src attribute, it executes the JavaScript we put in onerror:

XSS payload inserted in the search bar

JavaScript alert executing successfully

As we can see, the image indeed failed to load, so the alert is executed. With that, the lab is solved.
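
The reflection described above, next to its fix, as an added example that is not part of the original post or the lab's own code. The function names and the heading markup are assumptions, and the sample inputs are constructed. It renders the search term once unencoded and once HTML-encoded, then checks whether the term introduced any element of its own.

```javascript
// Added example: a search-results heading rendered with and without
// output encoding. All names and the heading markup are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Nothing encoded": the term is concatenated into the markup as-is.
function renderVulnerable(term) {
  return `<h1>0 search results for '${term}'</h1>`;
}

// Same template, but the term is encoded for the HTML text context.
function renderEncoded(term) {
  return `<h1>0 search results for '${escapeHtml(term)}'</h1>`;
}

// Rough check: does the output contain any tag besides the template's
// own <h1>? A real test suite would parse the HTML instead.
function introducesMarkup(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?h1$/i.test(t));
}

// Constructed inputs: a plain term, an <img>/onerror term of the kind
// the post describes, and a term with quotes and an ampersand.
const samples = ["hello", "<img src=x onerror=alert(1)>", `a"b'c & d`];

for (const term of samples) {
  const raw = renderVulnerable(term);
  const safe = renderEncoded(term);
  console.log(JSON.stringify(term));
  console.log("  unencoded:", raw, "| new markup:", introducesMarkup(raw));
  console.log("  encoded:  ", safe, "| new markup:", introducesMarkup(safe));
}
```

The encoding shown is only correct for the HTML text context; a term reflected into an attribute, a script block or a URL needs the encoding for that context.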