Reflected XSS in canonical link tag
The website in this lab reflects user input in a canonical link tag and escapes angle brackets. Note: The solution to this lab is only possible in Chrome.
Reproduction and proof of concept
Visit the following URL, replacing lab-id with your lab ID:
Because angle brackets are escaped, the payload cannot close the canonical link tag and open a new one. Instead it terminates the href attribute value and adds attributes to the existing link element: an accesskey attribute that makes X an access key for the whole page, and an event handler that calls the alert function when the element is activated. Pressing the access key activates the element and so fires the handler.
To trigger the exploit, press one of the following key combinations:
On Windows: Alt+Shift+X
On macOS: Ctrl+Alt+X
On Linux: Alt+X