← All Challenges
Challenge 28 of 66

Script Kiddie

🟠 Hard Injection +100 XP

A search form reflects user input without sanitization. Inject a script to trigger an alert and prove XSS is possible.

Script Kiddie // sandbox
Try injecting <script>alert(1)</script> or an event handler like onerror.

🏆 Challenge Complete!

+100 XP earned
Next Challenge →
← Prev Next →