Skip to content

Instantly share code, notes, and snippets.

View SymbianSyMoh's full-sized avatar
🎯
Focusing

Mohamed A. Basset SymbianSyMoh

🎯
Focusing
View GitHub Profile

XSS-game by Google

Welcome, recruit! Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in Web applications. These nasty buggers can allow your enemies to steal or modify user data in your apps and you must learn to dispatch them, pronto!

At Google, we know very well how important these bugs are. In fact, Google is so serious about finding and fixing XSS issues that we are paying mercenaries up to $7,500 for dangerous XSS bugs discovered in our most sensitive products.

In this training program, you will learn to find and exploit XSS bugs. You'll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications.

There will be cake at the end of the test.

javascript:(function(){var msg_m_prompt='Insert the message for males. I\'ll replace %name with the recipient name.';var msg_f_prompt='Insert the message for females. I\'ll replace %name with the recipient name.';var throttle_prompt='Insert the pause in milliseconds between a friend and the next.';var exclude_prompt='Insert the list of friends to ignore, comma separated.';var exerror_alert='%s is not in your friends, you might have made a mistake. Do you want to continue?';var time_alert='The script will take %s seconds!';var done='Done!';if(!Array.prototype.indexOf){Array.prototype.indexOf=function(d){if(void 0===this||null===this)throw new TypeError;var c=Object(this),b=c.length>>>0;if(0===b)return-1;var a=0;0<arguments.length&&(a=Number(arguments[1]),a!==a?a=0:0!==a&&(a!==1/0&&a!==-(1/0))&&(a=(0<a||-1)*Math.floor(Math.abs(a))));if(a>=b)return-1;for(a=0<=a?a:Math.max(b-Math.abs(a),0);a<b;a++)if(a in c&&c[a]===d)return a;return-1};}function size(obj){var s=0,key;for(key in obj){if(obj.hasOwnProperty(key))s++
function encrypt(text){
var cipher = crypto.createCipher('aes-256-cbc','d6F3Efeq')
var crypted = cipher.update(text,'utf8','hex')
crypted += cipher.final('hex');
return crypted;
}
function decrypt(text){
var decipher = crypto.createDecipher('aes-256-cbc','d6F3Efeq')
var dec = decipher.update(text,'hex','utf8')