PortSwigger XSS Lab 1

Hello everyone. In this post I will share my solution for PortSwigger XSS Lab 1, a very simple lab in which we have to trigger the reflected XSS by popping an alert dialog box.

Reflected XSS into HTML context with nothing encoded

The task in this lab is to exploit a reflected XSS vulnerability, which lets anyone include a script in a GET parameter of the page. The resulting link can be sent to anyone, and opening it executes the script (JavaScript code).

We can try searching for something.

Here, notice the URL.


Here, ?search=ARZ is the GET parameter. We can try to execute JavaScript code like this:

<script>alert("This is XSS");</script>

This popped up the dialog box, meaning that the web application is vulnerable to reflected XSS, as we can add JavaScript code through the GET parameter in the URL.
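Why the payload runs, and the fix, shown as an added example that is not part of the original post or the lab's source. It is a hypothetical search-page renderer that reflects the `search` parameter, first unencoded and then HTML-encoded. The function names, the `lab.example` URL and the page markup are assumptions.

```javascript
// Added example: hypothetical renderer, not the lab's real code.

// Read the search term from a URL shaped like the lab's (?search=...).
function searchTermFromUrl(url) {
  return new URL(url).searchParams.get("search") ?? "";
}

// Vulnerable: the term is concatenated into the HTML unchanged, so any
// markup in it becomes part of the page ("nothing encoded").
function renderSearchVulnerable(term) {
  return `<h1>0 search results for '${term}'</h1>`;
}

// HTML-encode the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Fixed: the term is encoded for the HTML context before being reflected,
// so the browser shows it as text instead of parsing it as a tag.
function renderSearchFixed(term) {
  return `<h1>0 search results for '${escapeHtml(term)}'</h1>`;
}

// Constructed input: the payload from the post, placed in the GET parameter.
const payload = '<script>alert("This is XSS");</script>';
const url = "https://lab.example/?search=" + encodeURIComponent(payload);
const term = searchTermFromUrl(url);

console.log("vulnerable:", renderSearchVulnerable(term));
console.log("fixed:     ", renderSearchFixed(term));
```

Encoding has to match the context the value lands in; this covers HTML text and quoted attributes, not script blocks or URLs.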
