This page will be used for my notes: what is requested, my thoughts, how I found the solution and what to remember for next time.
Lab: Reflected XSS into HTML context with nothing encoded
APPRENTICE This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function.
Notes: OK, an alert function. What is that? After a bit of googling I found that is the function they have asked for. The goal is now, if I send this payload, the website should return a popup with ‘XSS’ as the body, showing that the XSS worked. When accessing the website, there were different blogs. At the top there was a search bar. I did not see this and scrolled down initially, pasting the function into the comments section, which failed. But after pasting it into the search box, the alert popped up and I solved the lab.
Lab: Stored XSS into HTML context with nothing encoded
APPRENTICE This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed.
Notes: OK, this is the same goal. However, now it is stored, meaning it is very likely a contact form, a comment box or something I can send which gets seen by other users. To solve this, I just accessed a blog which has comments. To add a comment, you need to write the comment, your name, email and website into distinct textboxes. I pasted the alert into the Comment and name box. Upon sending it and reaccessing the website, I saw the XSS pop up and received the notification that I solved the lab.
Or, as PortSwigger said:
Enter the following into the comment box:
<script>alert(1)</script>
Enter a name, email and website.
Click "Post comment".
Go back to the blog.
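What to remember for next time: both labs work for the same reason, the input is written into the HTML response with nothing encoded. The sketch below is an added example, not part of the labs or PortSwigger's solution; the render functions, the page markup and the sample comment are assumptions made up to show the unencoded output next to the encoded one.

```javascript
// Added example: hypothetical render functions, not PortSwigger's lab code.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: the search term goes straight into the response ("nothing encoded").
function renderSearchVulnerable(term) {
  return `<h1>0 search results for '${term}'</h1>`;
}

// Same page with output encoding applied at the point of insertion.
function renderSearchEncoded(term) {
  return `<h1>0 search results for '${escapeHtml(term)}'</h1>`;
}

// The website field ends up in an href, so only absolute http(s) URLs are accepted.
function safeHref(url) {
  try {
    const parsed = new URL(url);
    return ['http:', 'https:'].includes(parsed.protocol) ? parsed.href : '#';
  } catch {
    return '#'; // not a parseable absolute URL
  }
}

// Stored case: the comment is kept as submitted, so every render must encode it.
function renderCommentVulnerable(c) {
  return `<section><a href="${c.website}">${c.name}</a><p>${c.comment}</p></section>`;
}

function renderCommentEncoded(c) {
  const href = escapeHtml(safeHref(c.website));
  return `<section><a href="${href}">${escapeHtml(c.name)}</a><p>${escapeHtml(c.comment)}</p></section>`;
}

// Constructed sample input: the payload from the notes in the fields the labs use.
const payload = '<script>alert(1)</script>';
const stored = { comment: payload, name: payload, email: 'a@example.test', website: 'https://example.test/' };

console.log(renderSearchVulnerable(payload)); // payload arrives as live markup
console.log(renderSearchEncoded(payload));    // payload arrives as inert text
console.log(renderCommentVulnerable(stored));
console.log(renderCommentEncoded(stored));
```

Encoding happens at output time, so a comment already sitting in storage is rendered harmlessly as well.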