mm0@home:~$

Archive

About

RSS

Labs 579d57ba482d4b10884e0c10204688d1

LABS

REFLECTED

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) into HTML context with nothing encoded

[XSS] Lab: [Stored XSS](https://portswigger.net/web-security/cross-site-scripting/stored) into HTML context with nothing encoded

[XSS] DOM XSS in document.write sink using source location.search

[[XSS] DOM XSS](https://portswigger.net/web-security/cross-site-scripting/dom-based) in document.write sink using source location.search inside a select element

[XSS] Lab: [DOM XSS](https://portswigger.net/web-security/cross-site-scripting/dom-based) in innerHTML sink using source location.search

[XSS] DOM XSS in jQuery anchor href attribute sink using location.search source

[XSS] DOM XSS in jQuery selector sink using a hashchange event

[XSS] DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded

[XSS] Lab: Reflected DOM XSS

[XSS] Stored DOM XSS

[XSS] Lab: Reflected XSS into HTML context with most tags and attributes blocked

[XSS] LAB: Reflected XSS into HTML context with all tags blocked except custom ones

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) with some SVG markup allowed

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) into attribute with angle brackets HTML-encoded

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) with event handlers and href attributes blocked

[XSS] Lab: [Stored XSS](https://portswigger.net/web-security/cross-site-scripting/stored) into anchor href attribute with double quotes HTML-encoded

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) in canonical link tag

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) into a JavaScript string with a single quote and backslash escaped

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) into a JavaScript string with angle brackets HTML encoded

[XSS] Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped

[XSS] Lab: [Stored XSS](https://portswigger.net/web-security/cross-site-scripting/stored) into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped

Lab: [Reflected XSS](https://portswigger.net/web-security/cross-site-scripting/reflected) into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped

[XSS] Lab: [Exploiting cross-site scripting](https://portswigger.net/web-security/cross-site-scripting/exploiting) to steal cookies

[XSS] Lab: Exploiting cross-site scripting to capture passwords