[4/6] Level 4: Script Context

Mission Description

This level demonstrates XSS in JavaScript context. User input is being placed directly into a JavaScript string without proper escaping. You need to break out of the string context to execute your own code.

Mission Objective: Manipulate the URL parameter to execute JavaScript from within the script context.

Timer Application

00:00
✓ Level Complete! You successfully exploited a JavaScript string injection.

Hints

The URL parameter ?timer= is being inserted into a JavaScript string. Look at the source code to see how it's used.
You need to escape the string context first. Use a single quote (') to close the string, then a semicolon (;) to end the statement.
Try this URL: ?timer=';alert('XSS');//
function initTimer() {
  const params = new URLSearchParams(window.location.search);
  const timerValue = params.get('timer') || '60';
  
  // VULNERABLE: User input in JavaScript string without escaping
  eval("var defaultTime = '" + timerValue + "';");
  
  if (defaultTime) {
    document.getElementById('seconds').value = defaultTime;
  }
}

initTimer();