Be careful with what you wish on a Christmas night
Web Exploitation
Resources
Check out this awesome guide about XSS: swisskyrepo/PayloadsAllTheThings
Common payload list for you to try out: payloadbox/xss-payload-list
For more OWASP ZAP guides, check out the following room: Learn OWASP Zap
Challenge
Deploy your AttackBox

No answer needed
What vulnerability type was used to exploit the application?


Stored cross-site scripting
What query string can be abused to craft a reflected XSS?

q
Launch the OWASP ZAP Application

No answer needed
Run a ZAP (zaproxy) automated scan on the target. How many XSS alerts are in the scan?

2
Explore the XSS alerts that ZAP has identified. Are you able to make an alert appear on the "Make a wish" website?

No answer needed