
XSS Explained with Kurukshetra
Challenge 11: XSS CSP bypass through an inline script
Learn how a misconfigured CSP can be bypassed, potentially leading to the successful exploitation of a cross-site scripting vulnerability.
I write about application security and security automation. For services, check out eracorp.io
XSS Explained with Kurukshetra
Check out how XSS can be exploited inside HTML <div> tags and learn more about <img> tag-based XSS payloads.
XSS Explained with Kurukshetra
Check out how XSS can also be exploited in hidden input parameter fields, with examples.
XSS Explained with Kurukshetra
Learn how partially implemented HTML output encoding can be bypassed to exploit an XSS vulnerability using HTML5 attributes.
XSS Explained with Kurukshetra
Learn how an XSS vulnerability can be found in other parameters, even ones that are not editable in the browser, using the BurpSuite Proxy tool.
XSS Explained with Kurukshetra
Learn why client-side validation cannot be trusted all the time and how it can be tampered with, using BurpSuite as a proxy, to exploit XSS.
XSS Explained with Kurukshetra
Learn why client-side validation cannot be trusted all the time and how it can be tampered with, using browser debugging tools, to exploit XSS.
XSS Explained with Kurukshetra
Learn how an XSS payload can be crafted using HTML5 event attributes rather than the classic <script> tag.
XSS Explained with Kurukshetra
Using the XSS fundamentals learned, we will look at how poorly implemented input validation can be bypassed with a custom-crafted XSS payload.
XSS Explained with Kurukshetra
You will learn about reflected XSS and how it differs from stored XSS. Also, I will walk you through exploiting reflected XSS.
XSS Explained with Kurukshetra
You will learn what a cross-site scripting vulnerability is, the types of cross-site scripting vulnerabilities, and how to identify a stored XSS vulnerability.
XSS Explained with Kurukshetra
Kurukshetra is an application intentionally designed to be vulnerable to XSS. It is an open-source lab for practicing and learning cross-site scripting vulnerabilities, with XSS explained through examples.