This lab contains a XSS vulnerability that is triggered by a click. Construct a clickjacking attack that fools the user into clicking the "Click me" button to execute an XSS payload that alerts document.cookie.
The victim will be using Chrome so test your exploit on that browser.
Use the following HTML template and provide the details as follows:
src="$url?name=<img src=1 onerror=alert(document.cookie)>&email@example.com&subject=test&message=test#feedbackResult"></iframe>
Go to the exploit server, paste your exploit HTML into the "Body text" box, and click "Store".
Click "View exploit".
Hover over "Test me" and ensure the cursor changes to a hand indicating that the div element is positioned correctly. If not, adjust the position of the div element by modifying the top and left properties of the style sheet.
Click "Test me" and you should see an alert.
Change "Test me" to "Click me" and click "Store" on the exploit server.
Now click on "deliver exploit to victim" and the lab should be solved.