In the search bar we can input a simple JavaScript alert() call:
<script>alert("Hello World")</script>
When you hit search, a pop-up alert shows your "Hello World" message, which means the attack was successful.
Notice the end of the URL:
/?search=<script>alert("Hello+World")<%2Fscript>
After the question mark (?) is where the query string starts.
This is where key-value pairs are passed to the backend, which uses them to process your query.
We can edit the query string directly. Below I changed "Hello World" into "Hello Hello Hello":
/?search=<script>alert("Hello Hello Hello")<%2Fscript>
Once you hit enter, the pop-up message changes accordingly.
Nice, we have solved this simple lab. Click OK and you will be taken to the result page.
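As an added example (not part of the lab write-up or the lab's own code), the following Python shows why the pop-up appears and what the backend should have done with the search parameter: it decodes the lab's URL the way the browser and server do, reflects the term into assumed result-page markup both unencoded and HTML-encoded, and runs a simple defender's check on each. The parameter name `search` comes from the URL above; the page template is an assumption.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the URL the lab produced, with "+" for the space and
# "%2F" for the "/" of the closing tag, as the browser encoded it.
LAB_URL = '/?search=<script>alert("Hello+World")<%2Fscript>'


def search_term(url: str) -> str:
    """Decode the query string and return the 'search' value the backend sees."""
    params = parse_qs(urlsplit(url).query)  # '+' -> ' ', '%2F' -> '/'
    return params.get("search", [""])[0]


def page(term: str) -> str:
    """Assumed result-page markup; the real lab's HTML is not shown in the write-up."""
    return f"<h1>0 search results for '{term}'</h1>"


def render_vulnerable(term: str) -> str:
    """Reflects the raw term into HTML: the bug the lab demonstrates."""
    return page(term)


def render_fixed(term: str) -> str:
    """Same page, but HTML-encoded so '<', '>' and '"' cannot open or close tags."""
    return page(html.escape(term, quote=True))


def has_executable_script(rendered: str) -> bool:
    """Crude defender's check: does the rendered page contain a live <script tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    term = search_term(LAB_URL)
    print("decoded term:", term)
    print("vulnerable page executes script:", has_executable_script(render_vulnerable(term)))  # True
    print("fixed page executes script:     ", has_executable_script(render_fixed(term)))       # False
```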