You must perform an XSS attack in an HTML attribute.
Your objective is to cause an alert box to pop up on the resulting page.
(Note: Some browsers have anti-XSS protections which prevent this from working. Try using Firefox, Safari, or old versions of Internet Explorer.)
PARAMETERS:
Injection Type - Injection into HTML attribute
Sanitization - Angle brackets are removed