Solution for PortSwigger Academy Lab: Reflected XSS into a template literal with angle brackets, single, double quotes, backslash, and backticks Unicode-escaped

The following is my documentation on PortSwigger’s Academy labs. End Goal: Perform an XSS attack that calls the alert function inside the template string. In this lab the target site will be emulating a blog that handles the search function with JavaScript template literals. We’ll go through what that means and how to take advantage […]

Solution for PortSwigger Academy Lab: Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

The following is my documentation on PortSwigger’s Academy labs. End Goal: Submit a comment that calls the alert function when the comment author name is clicked. To help build good habits we will be going through this lab with PortSwigger’s guides to finding XSS vulnerabilities, slightly modified: This of course will be a guide that […]

Solution for PortSwigger Academy Lab: Reflected XSS in canonical link tag

The following is my documentation on PortSwigger’s Academy labs. End Goal: Perform an XSS attack on the target page that injects an attribute that calls the alert function. This lab requires us to exploit a vulnerable canonical link tag. If that sentence did not sound like Klingon to you then qapla’! You probably don’t need […]

Solution for PortSwigger’s Lab: XSS with some SVG markup allowed

The following is my documentation on PortSwigger’s Academy labs. End Goal: Use an XSS attack to call an alert() function. Just like in our previous two labs, we will be using Burp Suite to automate our task of finding out which tags and events are allowed past our WAF (Web Application Firewall). For a detailed, […]

Solution for PortSwigger’s lab: Reflected XSS into HTML context with all tags blocked except custom ones

The following is my documentation on PortSwigger’s Academy labs. End Goal: Perform a cross-site scripting attack that injects a custom tag and automatically alerts document.cookie. This lab appears to assume that you have completed the previous lab. As such, many of the steps to get to our final payload are the same. Here is a […]

Solution for PortSwigger’s Academy: Reflected XSS into HTML context with most tags and attributes blocked

The following is my documentation on PortSwigger’s Academy labs. End Goal: Bypass the WAF and call the print() function. The last time we encountered a WAF (Web Application Firewall), our workaround was pretty simple. This time around we are going to have to do a lot of hunting and testing to see just how to […]

Solution for PortSwigger’s Academy: Stored DOM XSS

The following is my documentation on PortSwigger’s Academy labs. End Goal: Exploit a stored DOM vulnerability and call the alert() function in the comments. In this lab, we are asked to perform a stored XSS. This is something we have performed before, but this time our comments are being filtered, so we’ll have to go […]

Solution for PortSwigger Academy Lab: Reflected DOM XSS

The following is my documentation on PortSwigger’s Academy labs. End Goal: Create an injection that calls the alert() function. This lab explores injecting a payload that takes advantage of the eval() function in JavaScript. But what is the eval() function? “The eval() function evaluates JavaScript code represented as a string and returns its completion value. […]

Solution for PortSwigger Academy Lab: DOM XSS in AngularJS expression with angle brackets and double quotes HTML encoded

The following is my documentation on PortSwigger’s Academy labs. End Goal: Perform an XSS attack that executes an AngularJS expression and calls the alert function. This lab is deceptively easy. We can quickly find the solution for this online, copy and paste the payload, and solve it. Hell, PortSwigger’s own tutorial is only four steps […]

Solving PortSwigger’s lab: DOM XSS in document.write sink using source location.search inside a select element

The following is my documentation on PortSwigger’s Academy labs. End Goal: Perform a cross-site scripting attack that breaks out of the select element and calls the alert function. What you’ll need: <1> First, we navigate to a product page in the lab, right-click the “Check stock” button on the bottom of the page, and inspect […]