Porstwigger XSS Lab WriteUp

About XSS

XSS or Cross Site Scripting is an attack technique where attacker insert html tag or arbitary javascript code to attempt attack to the user. Example of XSS attacks are:

Reflected
Stored
DOM Based

Each has their own technique and how they are being distributed. XSS is combinable with other vulnerability

What Could Attacker Do?

Stole session token
Stole Your Cookie
Stole Personal information
Impersonate as you
Etc...

In this repo, I put my progress in learning XSS while also sharing what I've learn, Happy Processing and Daemoning :D.

Name		Name	Last commit message	Last commit date
Latest commit History 27 Commits
DOM XSS in document.write sink using source location.search		DOM XSS in document.write sink using source location.search
DOM XSS in innerHTML sink using source location.search		DOM XSS in innerHTML sink using source location.search
DOM XSS in jQuery anchor href attribute sink using location.search source		DOM XSS in jQuery anchor href attribute sink using location.search source
DOM XSS in jQuery selector sink using a hashchange event		DOM XSS in jQuery selector sink using a hashchange event
Exploiting XSS to perform CSRF		Exploiting XSS to perform CSRF
Exploiting cross-site scripting to steal cookies		Exploiting cross-site scripting to steal cookies
Reflected XSS in canonical link tag		Reflected XSS in canonical link tag
Reflected XSS into HTML context with most tags and attributes blocked		Reflected XSS into HTML context with most tags and attributes blocked
Reflected XSS into HTML context with nothing encoded		Reflected XSS into HTML context with nothing encoded
Reflected XSS with some SVG markup allowed		Reflected XSS with some SVG markup allowed
Stored XSS into HTML context with nothing encoded		Stored XSS into HTML context with nothing encoded
img		img
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DOM XSS in document.write sink using source location.search

DOM XSS in document.write sink using source location.search

DOM XSS in innerHTML sink using source location.search

DOM XSS in innerHTML sink using source location.search

DOM XSS in jQuery anchor href attribute sink using location.search source

DOM XSS in jQuery anchor href attribute sink using location.search source

DOM XSS in jQuery selector sink using a hashchange event

DOM XSS in jQuery selector sink using a hashchange event

Exploiting XSS to perform CSRF

Exploiting XSS to perform CSRF

Exploiting cross-site scripting to steal cookies

Exploiting cross-site scripting to steal cookies

Reflected XSS in canonical link tag

Reflected XSS in canonical link tag

Reflected XSS into HTML context with most tags and attributes blocked

Reflected XSS into HTML context with most tags and attributes blocked

Reflected XSS into HTML context with nothing encoded

Reflected XSS into HTML context with nothing encoded

Reflected XSS with some SVG markup allowed

Reflected XSS with some SVG markup allowed

Stored XSS into HTML context with nothing encoded

Stored XSS into HTML context with nothing encoded

img

img

README.md

README.md

Repository files navigation

Porstwigger XSS Lab WriteUp

About XSS

What Could Attacker Do?

About

Releases

Packages

Languages

DJumanto/Portswigger-XSS

Folders and files

Latest commit

History

Repository files navigation

Porstwigger XSS Lab WriteUp

About XSS

What Could Attacker Do?

About

Topics

Resources

Stars

Watchers

Forks

Languages