Remember: With a GET request, the parameters are always in the query (part after ?) part of the URL

HTML Source code injection XSS

So now let's apply this to some basic labs first. Can you find the XSS in this page?

https://labs.hackxpert.com/RXSS/GET/10.php

You should be looking for reflected XSS in the HTML source code

Untitled

HTML Comment injection XSS

This is a vulnerability context that we have not really gone deeper into, but again simply inspect the code, see how the HTML comment ends and use those characters.

https://labs.hackxpert.com/RXSS/GET/20.php

Untitled

HTML tag attribute XSS

We can see a new input tag appearing on the page upon submitting a value. Our value appears to get reflected in the <input value="OUR INPUT">. Of course, without the proper sanitization, the attacker can insert code that breaks out of the HTML tag but be mindful the " is just an illusion :) I used a different quote in the back-end.

https://labs.hackxpert.com/RXSS/GET/30.php

Untitled

XSS Straight into JS code

Upon submitting our value and investigating our source code we can see that our value gets reflected into the JS code, we can again break out of this and insert our own code. Try playing with the quotes if it does not work the first time.

https://labs.hackxpert.com/RXSS/GET/40.php

Untitled