XSS Vulnerability Scenarios: XSS vulnerability challenges and bypass examples
XSS Vulnerability Scenarios (challenges)
This repository is a Dockerized PHP application containing some XSS vulnerability challenges.
The ideas behind the challenges are:
- JavaScript validation bypass
- HTML entities bypass
- WAF bypass
- Black-list validation bypass
- Basic XSS validation bypass
- Double encode bypass of WAF to exploit XSS
- Exploiting XSS by bypassing escape characters
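The double-encode item above, seen from the defender's side, as an added example that is not code from the challenges repository: a filter that inspects a value after one URL-decode misses input that the application decodes a second time, and the mitigations are to canonicalize before checking and to encode at output. All function names and the sample value are constructed for illustration.

```php
<?php
// Added example, not code from the challenges repository.
// Function names and the sample value are constructed for illustration.

// Black-list check of the kind a WAF rule applies to the value it sees.
function naive_filter_blocks(string $value): bool {
    return preg_match('/<\s*script|\bon\w+\s*=|javascript:/i', $value) === 1;
}

// URL-decode until the value stops changing (bounded), so the check sees
// what any later decode step in the application would produce.
function canonicalize(string $value, int $maxRounds = 5): string {
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            return $value;
        }
        $value = $decoded;
    }
    throw new InvalidArgumentException('too many encoding layers');
}

// Same black-list, applied to the canonical form; over-encoded input is rejected.
function hardened_filter_blocks(string $value): bool {
    try {
        return naive_filter_blocks(canonicalize($value));
    } catch (InvalidArgumentException $e) {
        return true;
    }
}

// The primary fix: encode for the HTML context at output time.
function render_greeting(string $name): string {
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Hello, ' . $safe . '</p>';
}

// Constructed sample: a script tag URL-encoded twice, as it would arrive on the wire.
$wire     = rawurlencode(rawurlencode('<script>alert(1)</script>'));
$wafView  = rawurldecode($wire);     // the filter decodes once
$appValue = rawurldecode($wafView);  // the application decodes again

var_dump(naive_filter_blocks($wafView));    // single-decode check
var_dump(hardened_filter_blocks($wire));    // canonicalize-then-check
echo render_greeting($appValue), PHP_EOL;   // output-encoded, inert in HTML
```

The black-list is kept only as defence in depth; context-aware output encoding in `render_greeting` is what removes the XSS regardless of how many encoding layers the input carried.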
Install
Using docker hub (Quickest):
- To access the challenges, you need docker installed.
- Run this command to pull and run the image from docker hub:
    sudo docker run -d -p 9003:80 moeinfatehi/xss_vulnerability_challenges
- Access the challenges with this URL: http://localhost:9003
Help:
-d: detached mode (you can use the terminal after running the command)
-p: specifies port (you can change 8008 to whatever you want. If you don’t have a web server on your host, set it to 80)
Using docker-compose:
- To access the challenges, you need docker and docker-compose installed.
- Clone the repository
    git clone https://github.com/moeinfatehi/xss_vulnerability_challenges.git
- Open the main directory of the project (where the docker-compose.yml file exists) and run:
    docker-compose up
- Access the challenges with this URL: http://localhost:9003
Source: https://github.com/moeinfatehi/