which payload to use to trigger reflected xss?
I used 500+ payloads via burp intruder ! but none worked
lab 3 is about stored XSS in the comments. Not a reflected XSS in the Search
EDIT :
in the challenge lab it is written :
The reading club webmaster is proud to announce a secure commenting feature. You should find two different persistent XSS in the commenting pages.
→ is there only 2 stored XSS to find or is there a reflected also?