The attacker might not have any user level access to the web application. However, this does not mean that the application cannot be used to attack other users. Reflected Cross Site Scripting could be triggered even by unauthenticated users.

In the exercise below, the attacker is not authenticated to the web application and needs to find a reflected XSS attack on it.

A version of Chamilo LMS is vulnerable to a reflected XSS attack.

Objective: Your task is to find and exploit this vulnerability.

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-298.pdf