Lucio Monsalbo

Writeup — XSS Lab

Reflected XSS analysis in a controlled environment.

Burp Suite, OWASP ZAP

Context

Authorized local lab. No third-party data or production systems.

Summary

Reflected XSS in an unsanitized search parameter.

Mitigation

  • Contextual output encoding
  • Content-Security-Policy
  • Server-side input validation
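
The three mitigations applied to a reflected search parameter, as an added example that is not the lab's own code. The parameter name `q`, the `/search` route, the 64-character limit, the CSP string and the probe input are assumptions made for illustration.

```python
import html
from urllib.parse import quote

MAX_LEN = 64  # assumed limit for this example
# Blocks inline scripts, so a missed encoding does not execute (assumed policy).
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"

def validate_query(q: str) -> str:
    """Server-side validation: bound the length, reject control characters."""
    q = q.strip()
    if not q or len(q) > MAX_LEN:
        raise ValueError("query length out of range")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in q):
        raise ValueError("control character in query")
    return q

def render_vulnerable(q: str) -> str:
    """The flaw from the summary: the parameter is reflected unchanged."""
    return f"<p>Results for {q}</p>"

def render_safe(q: str) -> str:
    """Encode the same value separately for each context it lands in."""
    q = validate_query(q)
    text = html.escape(q, quote=False)  # HTML text node
    attr = html.escape(q, quote=True)   # double-quoted attribute value
    url = quote(q, safe="")             # URL query component
    return (
        f"<p>Results for {text}</p>\n"
        f'<input name="q" value="{attr}">\n'
        f'<a href="/search?q={url}&amp;page=2">Next</a>'
    )

def respond(q: str):
    """Return (status, headers, body) for a search request."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
    }
    try:
        return 200, headers, render_safe(q)
    except ValueError:
        return 400, headers, "<p>Invalid search query.</p>"

PROBE = '"><script>alert(1)</script>'  # constructed test input, not from the lab

if __name__ == "__main__":
    print(render_vulnerable(PROBE))
    print(respond(PROBE)[2])
```

Validation here only bounds the input; the encoding step is what neutralizes markup, and the CSP header limits the damage if an encoder is ever missed.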

More lab work on TryHackMe and Hack The Box.