Task 20
Navigate to http://10.10.172.84/ in your browser and click on the âReflected XSSâ tab on the navbar; craft a reflected XSS payload that will cause a popup saying âHelloâ.
Section titled âNavigate to http://10.10.172.84/ in your browser and click on the âReflected XSSâ tab on the navbar; craft a reflected XSS payload that will cause a popup saying âHelloâ. âOn input search
<script>alert(âHelloâ)</script>Answer
Section titled âAnswer âThereIsMoreToXSSThanYouThink
On the same reflective page, craft a reflected XSS payload that will cause a popup with your machines IP address.
Section titled âOn the same reflective page, craft a reflected XSS payload that will cause a popup with your machines IP address. â<script>alert(window.location.hostname)</script>Answer
Section titled âAnswer âReflectiveXss4TheWin
Now navigate to http://10.10.172.84/ in your browser and click on the âStored XSSâ tab on the navbar; make an account. Then add a comment and see if you can insert some of your own HTML.
Section titled âNow navigate to http://10.10.172.84/ in your browser and click on the âStored XSSâ tab on the navbar; make an account. Then add a comment and see if you can insert some of your own HTML. â<h1>this is an HTML tag </h1>Answer
Section titled âAnswer âHTML_T4gs
On the same page, create an alert popup box appear on the page with your document cookies.
Section titled âOn the same page, create an alert popup box appear on the page with your document cookies. â<script>alert(document.cookie)</script>Answer
Section titled âAnswer âW3LL_D0N3_LVL2
Change âXSS Playgroundâ to âI am a hackerâ by adding a comment and using Javascript.
Section titled âChange âXSS Playgroundâ to âI am a hackerâ by adding a comment and using Javascript. âFind the ID of the XSS playground element
<script>document.querySelector('#thm-title').textContent = 'I am a hacker'</script>Answer
Section titled âAnswer âwebsites_can_be_easily_defaced_with_xss