
Introduction

This week's on-campus tasks will focus on Cross-Site Scripting, to give you the chance to see how we can trigger XSS and the kinds of things we can do with it.

Part 1: Reflected XSS

Using the Web Trainer, work through the notes on Reflected XSS.

  • Get an alert box showing on the screen
  • Try some of the other suggested payloads to see what kind of information you can leak

Part 2: Stored XSS

Using the Web Trainer, try working through the stored XSS examples (they are under "Challenges").

  • Work through the payloads again and get an alert box to show
  • Try getting the session cookies in an alert box
  • Try getting the session cookies to be sent to another server

Part 3: XSS Filters

Working our way around XSS filters is part of the fun.

There is another machine (XSS_Trainer) that has level-based challenges for working around filters.
