Task 20 - Cross-site Scripting

Task 20 [Severity 7] Cross-site Scripting

Deploy the VM

No answer needed

Reveal Flag 🚩

🚩ThereIsMoreToXSSThanYouThink

On the same reflective page, craft a reflected XSS payload that will cause a popup with your machine's IP address.

In JavaScript, window.location.hostname returns the hostname of the current page; in this case, your deployed machine's hostname will be its IP.

Reveal Flag 🚩

🚩ReflectiveXss4TheWin

Now navigate to http://MACHINE_IP/ in your browser and click on the "Stored XSS" tab on the navbar; make an account. Then add a comment and see if you can insert some of your own HTML.

Reveal Flag 🚩

🚩HTML_T4gs

On the same page, make an alert popup box appear on the page with your document cookies.

Reveal Flag 🚩

🚩W3LL_D0N3_LVL2

Change "XSS Playground" to "I am a hacker" by adding a comment and using JavaScript.

HINT: <script>document.querySelector('#thm-title').textContent = 'I am a hacker'</script>

Reveal Flag 🚩

🚩websites_can_be_easily_defaced_with_xss
