For this level we’re presented with a sign up form, we need to inject script into the URL.
If we click the Sign up button we should be taken here:
Take note of the URL signup?next=confirm
We can quite easily manipulate that to something else:
signup?next=javascript:alert(”);
Click next to see what happens…
This can be incredibly dangerous to unsuspecting users, if they’re sent a link like that and click it they could be at the will of XSS attack.
How often have you seen a URL like the one below and how many times have you clicked it?
That is exactly the same as signup?next=javascript:alert(”);
The JavaScript portion is converted to hex and will execute exactly the same as text. The lesson here, NEVER click on a random link, especially from someone you don’t know.
Dan Rigby PenTesting 