Puzzle 01

Bookmarked!

PRO
Tier
Hard
< 1 Hr.
20

This lab presents a puzzle designed to help you trigger a Cross-Site Scripting (XSS) vulnerability. The key to solving this challenge lies in understanding how the Ruby method String#gsub operates, especially concerning backreferences when a match is found.

To begin, explore the method String#gsub and pay special attention to backreferences. Examples provided, like "hello".gsub(/l+/, "\0") and "hello".gsub(/l+/, "\&"), will be particularly useful. Ensure that you fully grasp why the payload you discover works, as this understanding is crucial for mastering XSS vulnerabilities.

Want to learn more? Get started with PentesterLab Pro! GOPRO