Categoría: Cross-site scripting

Exploiting cross-site scripting to capture passwords

Descripción This lab contains a stored XSS vulnerability in the blog comments function. A simulated victim user views all comments after they are posted. To solve the lab, exploit the vulnerability to exfiltrate the victim’s username and password then use these credentials to log in to the victim’s account. Exploiting cross-site scripting to capture passwords […]

Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

Descripción This lab contains a reflected cross-site scripting vulnerability in the search blog functionality. The reflection occurs inside a template string with angle brackets, single, and double quotes HTML encoded, and backticks escaped. To solve this lab, perform a cross-site scripting attack that calls the alert function inside the template string. Reflected XSS into a template literal […]

Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

Descripción This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked. Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped writeup Al entrar en el laboratorio veremos un Blog. […]

Exploiting XSS to bypass CSRF defenses

Descripción This lab contains a stored XSS vulnerability in the blog comments function. To solve the lab, exploit the vulnerability to steal a CSRF token, which you can then use to change the email address of someone who views the blog post comments. You can log in to your own account using the following credentials: wiener:peter […]

Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

Descripción This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets and double are HTML encoded and single quotes are escaped. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function. Reflected XSS into a JavaScript string with angle […]

Reflected XSS into a JavaScript string with single quote and backslash escaped

Descripción This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality. The reflection occurs inside a JavaScript string with single quotes and backslashes escaped. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function. Reflected XSS into a JavaScript string with single […]

Reflected XSS in canonical link tag

Descripción This lab reflects user input in a canonical link tag and escapes angle brackets. To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function. To assist with your exploit, you can assume that the simulated user will press the following key combinations: Please note […]

Reflected XSS with some SVG markup allowed

Descripción This lab has a simple reflected XSS vulnerability. The site is blocking common tags but misses some SVG tags and events. To solve the lab, perform a cross-site scripting attack that calls the alert() function. Reflected XSS with some SVG markup allowed writeup Este laboratorio se resuelve de la misma forma que el laboratorio anterior (Reflected […]

Reflected XSS into HTML context with all tags blocked except custom ones

Descripción This lab blocks all HTML tags except custom ones. To solve the lab, perform a cross-site scripting attack that injects a custom tag and automatically alerts document.cookie. Reflected XSS into HTML context with all tags blocked except custom ones writeup HTML5 tiene varias etiquetas predefinidas (h1, p, script), pero también da la posibilidad de crear […]

Reflected XSS into HTML context with most tags and attributes blocked

Descripción This lab contains a reflected XSS vulnerability in the search functionality but uses a web application firewall (WAF) to protect against common XSS vectors. To solve the lab, perform a cross-site scripting attack that bypasses the WAF and calls the print() function. Reflected XSS into HTML context with most tags and attributes blocked writeup Al entrar […]