For almost all levels I will be using Burp Suite. Burp Suite is an intercepting proxy that sits between the browser and the web server and lets us inspect and modify each HTTP request and response before it is forwarded.
First let’s inspect the source for anything interesting.
We see a “hidden” form that looks interesting. From the level description we know that the page has to be shared with other users, so the XSS will be reflected. Reflected XSS is delivered through the URL, so let’s start testing the URL.
If we append ‘/TEST’ to the end of the URL and inspect the source again, we see that our string is being placed into the value of the hidden input field.
So to insert a <h1> tag we first have to break out of the hidden input: we inject the quote and bracket that close the attribute and the tag, in the same spirit as closing a string in a SQL injection.
Final injection payload in the URL:
The source now looks like this:
With the “/’>” we close the hidden input tag (the quote ends its value attribute and the > ends the tag) and then inject the <h1></h1> tag.
<h1> gets stripped at the server side.
Looking at the source, we notice that the <script> tag is stripped.
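To make the two observations above concrete, here is an added example (not code from the level or the original write-up) that models the server-side rendering in Node: the path concatenated into the hidden input, the same thing with <script> removed, and the actual fix, attribute encoding. The template shape, the input name “urlBar” and the probe strings are assumptions.

```javascript
// Added example, not code from the original write-up: a small model of the
// level's server-side rendering, showing why stripping "<script>" is not a
// fix while attribute encoding is. Template shape and input name are assumed.

// Vulnerable rendering: the request path is concatenated straight into the
// single-quoted value attribute of the hidden input.
function renderVulnerable(path) {
  return `<input type='hidden' name='urlBar' value='${path}'>`;
}

// What the level appears to do on top: the same concatenation after removing
// "<script>" tags. A quote in the input can still close the attribute.
function renderWithScriptStrip(path) {
  return renderVulnerable(path.replace(/<\/?script[^>]*>/gi, ''));
}

// The fix: encode the characters that carry meaning inside HTML attributes
// before the value is placed in the template.
function encodeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderFixed(path) {
  return `<input type='hidden' name='urlBar' value='${encodeAttr(path)}'>`;
}

// Detection check: in a correct render, the text after the first closing
// quote of the value attribute is exactly ">" (the end of the input tag).
// Anything else means the input escaped the attribute.
function attributeBreakout(html) {
  const m = /value='[^']*'/.exec(html);
  if (!m) return true; // template lost its shape: treat as suspicious
  return html.slice(m.index + m[0].length) !== '>';
}

// Constructed probes mirroring the write-up: a harmless string, the <h1>
// breakout, and a <script> breakout that the strip filter will catch.
const probes = {
  benign: '/TEST',
  h1: "/'><h1>XSS</h1>",
  script: "/'><script>x</script>",
};

// Returns, per probe, whether each renderer let the input leave the attribute.
function demo() {
  const out = {};
  for (const [name, path] of Object.entries(probes)) {
    out[name] = {
      vulnerable: attributeBreakout(renderVulnerable(path)),
      scriptStrip: attributeBreakout(renderWithScriptStrip(path)),
      fixed: attributeBreakout(renderFixed(path)),
    };
  }
  return out;
}
```

Note that the <script> probe still breaks out of the attribute after stripping, which is exactly why the level's filter does not remove the underlying bug.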