Lab: Reflected XSS in canonical link tag

PRACTITIONER

This lab reflects user input in a canonical link tag and escapes angle brackets.

To solve the lab, perform a cross-site scripting attack that injects an attribute that calls the alert function.

To assist with your exploit, you can assume that the simulated user will press the following key combinations:

  • ALT+SHIFT+X
  • CTRL+ALT+X
  • ALT+X

Please note that the intended solution to this lab is only possible in Chrome.
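
Why escaping only angle brackets is not enough for a value reflected inside an attribute, shown as an added example that is not part of the lab or its server code. The function names, the sample URL, the benign `data-injected` attribute and the single-quoted `href` template are all assumptions made for illustration.

```javascript
// Added example. All names and the sample URL are constructed for illustration.

// Weak encoder: the behaviour the lab describes, only angle brackets are escaped.
function escapeAngleBracketsOnly(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Attribute-safe encoder: also escapes & and both quote characters,
// so the value cannot terminate the attribute it is written into.
function escapeAttribute(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Assumption: the page template wraps the href value in single quotes.
function canonicalTag(url, encode) {
  return "<link rel='canonical' href='" + encode(url) + "'/>";
}

// Minimal attribute-name scanner for one tag (quoted and unquoted values).
// It approximates how an HTML parser splits the tag into attributes.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+\s*/, '').replace(/\/?>$/, '');
  const re = /([^\s=\/]+)(?:\s*=\s*(?:'[^']*'|"[^"]*"|[^\s]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed request URL: a quote followed by a harmless marker attribute.
const SAMPLE_URL = "https://example.test/?x' data-injected='1";

const weakTag = canonicalTag(SAMPLE_URL, escapeAngleBracketsOnly);
const safeTag = canonicalTag(SAMPLE_URL, escapeAttribute);

console.log(weakTag, attributeNames(weakTag)); // three attributes: the marker escaped the href
console.log(safeTag, attributeNames(safeTag)); // two attributes: the marker stays inside href
```

A server-side check built on the same idea is to render the tag with a marker value like the one above and fail the build if the parsed tag has any attribute other than `rel` and `href`.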