Cross-Site Scripting Lab Breakdown: Reflected XSS into HTML context with nothing encoded

▹ Watch me Live on Twitch every Monday and Thursday! - https://twitch.tv/garr_7 ▹ Twitter: https://twitter.com/garrghar Portswigger Web Security Academy Cross-Site Scripting (XSS) Lab: Reflected XSS into HTML context with nothing encoded - https://portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-encoded Additional References for Further Exploration: Awesome In-Depth XSS Breakdown by PwnFunction - https://youtu.be/EoaDgUgS6QA ------------------------------------------------------------------------------ In this series, we take a look at Web Security Academy's Cross-Site Scripting (XSS) labs and break them down. The goal is to break down the concepts to not only get to the solution, but talk about methodology and the mental steps we take in order to discover these vulnerabilities in the wild. Timestamps: 0:00​ Intro 0:33 What is Cross-Site Scripting? 1:38 Important Question to Answer 2:25 Reflected XSS 3:00 Lab Start: Basic XSS Enumeration 4:28 Final Payload 5:28 Recap 5:57 Outro ------------------------------------------------------------------------------ Music: “Friends” Produced by Hyper Potions https://youtu.be/OEboG4LnUBI “High Noon” Produced by Bankrupt Beats https://youtu.be/d8v2tuTtSc0 “Snickers” Produced by Epidemic Sound / Damma Beatz https://youtu.be/CHZzUYcASDQ “Ikebaby” Produced by Robotprins https://youtu.be/APAekwchpkE