This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search.
To solve this lab, perform a cross-site scripting attack that calls the alert function.
element.innerHTML='... <img src=1 onerror=alert(document.domain)> ...'
1. Observe the normal flow
2. Notice that <script> is injected but won't run because it sits inside the <span>
3. Design another payload: covfefe<img src=1 onerror=alert(1)>
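Added example, not code from the lab or from PortSwigger: a model of the innerHTML sink described above, the textContent / escaping fixes a developer would apply, and a defensive check that flags the tag-with-event-handler shape of the payload. The element argument, helper names and the sample query are my own constructions; the element can be a plain object in Node or a real div in a browser.

```javascript
// Added example, not the lab's own code: models the innerHTML sink behind this lab,
// a hardened alternative, and a defensive check on a constructed query string.
// `el` is any object with innerHTML/textContent properties (a plain object in
// Node, a real <div> in the browser); helper names below are mine.

// Source: the term is read from location.search, e.g. "?search=<term>".
function getSearchTerm(locationSearch) {
  return new URLSearchParams(locationSearch).get('search') || '';
}

// Vulnerable sink (the lab's bug): markup built from the term is assigned to
// innerHTML, so tags inside the term are parsed and become live DOM.
function renderVulnerable(el, locationSearch) {
  el.innerHTML = '<span>' + getSearchTerm(locationSearch) + '</span>';
  return el.innerHTML;
}

// Hardened: textContent never parses markup, so the term is shown as text.
function renderHardened(el, locationSearch) {
  el.textContent = getSearchTerm(locationSearch);
  return el.textContent;
}

// If surrounding markup is really needed, escape the term before it reaches innerHTML.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}
function renderEscaped(el, locationSearch) {
  el.innerHTML = '<span>' + escapeHtml(getSearchTerm(locationSearch)) + '</span>';
  return el.innerHTML;
}

// Defensive check for log/WAF review: a term carrying a tag with an inline
// event-handler attribute (onerror=, onload=, ...), the shape of this lab's payload.
const TAG_WITH_HANDLER = /<\w+[^>]*\bon\w+\s*=/i;
function looksLikeMarkupInjection(locationSearch) {
  return TAG_WITH_HANDLER.test(getSearchTerm(locationSearch));
}

// Constructed sample input: the lab payload shape, URL-encoded as a browser would send it.
const SAMPLE_QUERY = '?search=' + encodeURIComponent('covfefe<img src=1 onerror=alert(1)>');

if (typeof require !== 'undefined' && require.main === module) {
  const div = { innerHTML: '', textContent: '' }; // stand-in for document.querySelector('div')
  console.log(renderVulnerable(div, SAMPLE_QUERY));     // tag reaches the DOM unescaped
  console.log(renderEscaped(div, SAMPLE_QUERY));        // tag is inert &lt;img ...&gt;
  console.log(looksLikeMarkupInjection(SAMPLE_QUERY));  // true
}
```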
Chensan