So I found these new challanges while doing my bug bounty hunting course, they can be found here: http://leettime.net/xsslab1

Level 4
So lets input an hello and check the HTML code to see where it is in the HTML code. It is in the following line <span style="font-size: medium;">Enter Your Name here : <input name="name" type="text" value="hello" /></span>. So this is the same as level 3 but then with a single qoute. Lets try '> <script>alert(document.URL)</script>

Good work!! You are welcome to Next Round.

Level 5
So lets input an hello and check the HTML code to see where it is in the HTML code. It is in the following line <script>var search_str="Hello";</script> So our hello input is enclosed with “” and already in an script tag. We can close this with ” and </script>.

So lets try "</script> <script>alert(document.URL)</script>

Good work!! You are welcome to Next Round.

Level 6
So lets input an hello and check the HTML code to see where it is in the HTML code. It is in the following line <script>var search_str='hello';</script> The same as last challange but then with single qoutes ‘ . This should be easy, same payload but then with single qoutes. '</script> <script>alert(document.URL)</script>

Good work!! You are welcome to Next Round

Leave a Reply

Your email address will not be published. Required fields are marked *