A simple place to learn XSS

Overview

XSSPlayground

A simple place to learn XSS. Made for myself to learn and to help others (please do use!)

Disclaimer

This is a work in progress and will change over time. Learn what you can!

Updates

15/03/2021 - Added new layout, reworked xss 1,2,3.

Setup

Host php

  1. Download the index.php file.
  2. Add it to your /var/www/html folder.

Tip: Make a new folder called 'xss', e.g. /var/www/html/xss

  3. Run the PHP local server. Have PHP installed so you can use php in the terminal, then start a local server:
php -S 127.0.0.1:8000
  4. Visit the page at http://127.0.0.1:8000/xss/index.php and start testing!

Host xampp

  1. Download the index.php file.
  2. Add it to your /var/www/html folder or /var/www/html/xss
  3. Start the xampp server, then go to http://127.0.0.1/index.php or http://127.0.0.1/xss/index.php

What is XSS?

Cross-site scripting (XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows for various attack types (stealing cookies, making user accounts (auth permitting), etc.).

Types of XSS

Reflected XSS

  • This is when the exploit comes from the current HTTP request being made (reflected in the response).
  • More Info

Stored XSS

  • When the exploit is stored in the server's database and accessed on page load or when content loads on the website.
  • More Info

DOM-based XSS

  • When the exploit is done on the client side rather than the server (change the webpage, inject hidden elements, etc.).
  • More Info

Sources and Sinks (DOM XSS)

Source - where XSS payloads are injected to.

  • document.URL
  • document.referrer
  • location
  • location.href
  • location.search
  • location.hash
  • location.pathname

Sink - where XSS payloads get executed.

  • element.innerHTML
  • element.outerHTML
  • eval()
  • setTimeout()
  • setInterval()
  • document.write()
  • document.writeln()

DOM XSS - Example (Code review)

Webpage code

<!DOCTYPE html>
<html>
 <body>
  <script>
   var url_source = "Hi, " + decodeURIComponent(location.hash.split("#")[1]); // example source inject point
   var divElement = document.createElement("div");
   divElement.innerHTML = url_source; // Sink, execution point
   document.body.appendChild(divElement);
  </script>
 </body>
</html>

GET Request (exploit)

GET www.targeturl.com#<img src=x onerror="alert('DOM XSS')">
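
The source-to-sink review described above can be automated in a small way. The following is an added example, not part of the XSSPlayground code: a line-based checker that uses the source and sink names listed on this page, run over the vulnerable script body and over a hardened variant that writes through textContent. The function name findDomXss and the one-statement-per-line heuristic are assumptions of this example.

```javascript
// Added example: line-based source-to-sink check for reviewing DOM XSS.
// The source and sink names mirror the lists on this page; the taint
// heuristic (one statement per line, simple assignments) is an assumption.
const SOURCES = /\b(?:document\.(?:URL|referrer)|location(?:\.(?:href|search|hash|pathname))?)\b/;
const PROPERTY_SINK = /\.(innerHTML|outerHTML)\s*=(?!=)\s*(.+)/;
const CALL_SINK = /\b(eval|setTimeout|setInterval|document\.write(?:ln)?)\s*\((.+)/;
const ASSIGNMENT = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_]\w*)\s*=(?!=)\s*(.+)/;

function findDomXss(code) {
  const tainted = new Set(); // variables that hold attacker-controllable data
  const findings = [];
  const isTainted = (expr) =>
    SOURCES.test(expr) ||
    [...tainted].some((name) => new RegExp(`\\b${name}\\b`).test(expr));

  code.split("\n").forEach((text, index) => {
    // Propagate taint through plain assignments: var x = <source or tainted>.
    const assignment = text.match(ASSIGNMENT);
    if (assignment && isTainted(assignment[2])) tainted.add(assignment[1]);

    // Report a sink only when the value written to it is tainted.
    const sink = text.match(PROPERTY_SINK) || text.match(CALL_SINK);
    if (sink && isTainted(sink[2])) {
      findings.push({ line: index + 1, sink: sink[1] });
    }
  });
  return findings;
}

// Script body of the page's vulnerable example (copied from the page).
const VULNERABLE = [
  'var url_source = "Hi, " + decodeURIComponent(location.hash.split("#")[1]);',
  'var divElement = document.createElement("div");',
  'divElement.innerHTML = url_source;',
  'document.body.appendChild(divElement);',
].join("\n");

// Hardened form: textContent inserts the value as text, so no markup is parsed.
const FIXED = VULNERABLE.replace(".innerHTML =", ".textContent =");

console.log(findDomXss(VULNERABLE));
console.log(findDomXss(FIXED));
```

The checker reports the innerHTML write on line 3 of the vulnerable script and nothing for the textContent variant. It is a review aid only: it does not follow function calls, multi-line statements or reassignments that clear taint.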

jQuery PoC's 3.x (CVE-2020-11022/CVE-2020-11023)

$('#div').html('<img alt="<x" title="/><img src=x onerror=alert(1)>">');
http://xss-game.appspot.com/level3/frame#$('#tabContent').html("\"><img src=x onerror="alert(1)"")

Great links (learn)

Google Gruyere XSS

https://hackersonlineclub.com/cross-site-scripting-xss/

https://info.ninadmathpati.com/resources/web-app-pentest/cross-site-scripting-xss

https://portswigger.net/web-security/cross-site-scripting

https://www.veracode.com/security/xss

https://excess-xss.com/

https://hackertarget.com/xss-tutorial/

Great links (challenges)

https://xss.pwnfunction.com/

https://xss.challenge.training.hacq.me/

http://xss-game.appspot.com/

http://www.sudo.co.il/xss/

Great links (cheatsheets)

Portswigger Cheatsheet

https://book.hacktricks.xyz/pentesting-web/xss-cross-site-scripting

https://html5sec.org/

https://xss.by/

Owner
ac1d