
Reflected XSS - Search Injection

Difficulty: Beginner | Category: A03:2021 - XSS | 100 points
Challenge Description

This search page is vulnerable to Reflected Cross-Site Scripting (XSS). The search term you enter is reflected back in the page without proper sanitization.

Your goal is to:

  1. Inject JavaScript that executes in the browser
  2. Use your payload to "steal" the admin's session cookie
  3. The flag is hidden in the admin session cookie

Learning Objective: Understand how reflected XSS works and why output encoding is essential for web security.

Simulation Note: For this challenge, we're simulating that the admin has a session cookie. In a real attack, you'd need to trick the admin into clicking a malicious link. Here, you can directly see the effect of your XSS payload.

Admin Cookie: admin_session=FLAG{R3FL3CT3D_XSS_HUNT3R}
Product Search (Vulnerable)
Common XSS Payloads (Educational)

These are common payloads used to test for XSS vulnerabilities:

  • <script>alert('XSS')</script>
  • <img src=x onerror=alert('XSS')>
  • <svg onload=alert('XSS')>
  • <body onload=alert('XSS')>
  • "><script>alert('XSS')</script>
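As an added example (not code from the challenge page or the application behind it), the Python below models the search page's reflection of the query in two contexts, a text node and an attribute value, once unencoded and once with context-appropriate HTML encoding, and runs the payloads listed above through both. The page template, the list of search terms and the tag check are assumptions constructed for the demonstration.

```python
from __future__ import annotations

import html
import re

# Constructed sample input: one benign term plus the test payloads listed
# on the page (assumption: this list stands in for what a tester would type).
SEARCH_TERMS = [
    "laptop",
    "<script>alert('XSS')</script>",
    "<img src=x onerror=alert('XSS')>",
    "<svg onload=alert('XSS')>",
    "<body onload=alert('XSS')>",
    "\"><script>alert('XSS')</script>",
]

# Hypothetical results template: the term lands in a text node (the heading)
# and inside a double-quoted attribute (the pre-filled search box).
TEMPLATE = '<h2>Results for: {term}</h2><input name="q" value="{attr}">'

# Tags from the page's payload list; any of them surviving into the output
# means markup from the query was reflected unencoded.
TAG_RE = re.compile(r"<\s*(script|img|svg|body)\b", re.IGNORECASE)


def render_vulnerable(term: str) -> str:
    """Reflects the raw search term into both contexts: the reflected-XSS bug."""
    return TEMPLATE.format(term=term, attr=term)


def render_encoded(term: str) -> str:
    """Encodes per context: '&', '<', '>' for the text node; quotes as well
    for the attribute, so a leading '">' cannot close the attribute or tag."""
    return TEMPLATE.format(
        term=html.escape(term, quote=False),
        attr=html.escape(term, quote=True),
    )


def injected_tags(rendered: str) -> list[str]:
    """Names of listed dangerous tags present in the rendered HTML."""
    return [m.group(1).lower() for m in TAG_RE.finditer(rendered)]


def audit(terms: list[str] = SEARCH_TERMS) -> dict[str, tuple[int, int]]:
    """For each term: (dangerous tags in the vulnerable render,
    dangerous tags in the encoded render)."""
    return {
        t: (
            len(injected_tags(render_vulnerable(t))),
            len(injected_tags(render_encoded(t))),
        )
        for t in terms
    }


if __name__ == "__main__":
    for term, (raw_hits, encoded_hits) in audit().items():
        print(f"{term!r}: vulnerable={raw_hits} encoded={encoded_hits}")
        print("  ", render_encoded(term))
```

The benign term renders identically in both versions, which is the point of output encoding: it changes nothing for ordinary input and only neutralises characters that would be parsed as markup. Note that the attribute context needs quotes encoded while the text node does not; applying one generic filter to every location is how the `">` variant slips through. Marking the admin session cookie `HttpOnly` would also keep script from reading it via `document.cookie`, though that limits the impact rather than fixing the reflection.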