Reflected XSS in canonical link tag

Description

The website in this lab reflects user input in a canonical link tag and escapes angle brackets. Note: The solution to this lab is only possible in Chrome.

Reproduction and proof of concept

  1. Visit the following URL, replacing the lab ID in the hostname with your own lab ID:

https://0a8e007b03ebd129c06bf93500c800bd.web-security-academy.net/?%27accesskey=%27x%27onclick=%27alert(1)

Because only angle brackets are escaped, the single quote in the query string closes the `href` value of the existing canonical link tag, and the rest of the payload is reflected as two new attributes on that same tag: `accesskey='x'` and `onclick='alert(1)'`. This sets the X key as an access key for the whole page. When a user presses the access key, the link receives the click event and the alert function is called.

  2. To trigger the exploit, press one of the following key combinations:

  • On Windows: Alt+Shift+X

  • On macOS: Ctrl+Alt+X

  • On Linux: Alt+X
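To show why escaping only angle brackets is not enough in an attribute context, here is an added Python example (not code from the lab or from PortSwigger) that renders the canonical tag the way the lab does, renders it again with full attribute encoding, and parses each result to list the attributes a browser-style parser sees. The `LAB-ID` hostname is a placeholder and the payload is the decoded query string from the URL above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed input: the query string from the lab URL, URL-decoded.
PAYLOAD = unquote("?%27accesskey=%27x%27onclick=%27alert(1)")
SITE = "https://LAB-ID.web-security-academy.net/"  # placeholder host


def render_vulnerable(site, query):
    """Mirror the lab's behaviour: escape angle brackets, nothing else."""
    reflected = query.replace("<", "&lt;").replace(">", "&gt;")
    return f"<link rel='canonical' href='{site}{reflected}'/>"


def render_hardened(site, query):
    """Attribute-encode the reflected value, quotes included, so a
    single quote in the input can no longer close the href value."""
    reflected = html.escape(query, quote=True)
    return f"<link rel='canonical' href='{site}{reflected}'/>"


class LinkAttrs(HTMLParser):
    """Collect the attribute names of every <link> tag in the markup."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            self.names.extend(name for name, _ in attrs)


def link_attributes(markup):
    """Return the attribute names a tolerant HTML parser assigns to <link>."""
    parser = LinkAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names


if __name__ == "__main__":
    # The vulnerable render gains accesskey and onclick; the hardened one does not.
    print(link_attributes(render_vulnerable(SITE, PAYLOAD)))
    print(link_attributes(render_hardened(SITE, PAYLOAD)))
```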


Last update: 2025-05-12 14:16