So I found these new challanges while doing my bug bounty hunting course, they can be found here: http://leettime.net/xsslab1

Level 1
I know a little about XSS. I can trigger an alertbox by using <script>alert()</script>. So lets try this in the input field.

But we get an error “Nice Try……But use alert(document.URL) to pass this Challenge!” We have to use document.URL inside the alert box to pass to the next level?. Lets try <script>alert(document.URL)</script>. We made it and got the following message:

Good work!! You are welcome to Next Round

Level 2
I tried the last code but this didn’t work, obviously. So lets input an hello and check the HTML code by doing right mouse click and select show page source, to see where it is in the HTML code. It is in the following line <span style="font-size: medium;">Enter Your Name here : <input name="name" type="text" value="hello" /></span> It opens and closes with <input type="text" />.

By knowing this we can escape this by entering a /> So lets try to enter the following: /> <script>alert(document.URL)</script>

Good work!! You are welcome to Next Round

Level 3
So lets input an hello and check the HTML code to see where it is in the HTML code. It is in the following line <font size=3>Enter Your Name here : <input type="text" name="name" value="Hello"></input> So we can close this by closing the string “Hello” and the input field. Lets try "> <script>alert(document.URL)</script>

Good work!! You are welcome to Next Round

Leave a Reply

Your email address will not be published. Required fields are marked *