search

Be careful with what you wish on a Christmas night

Web Exploitation

hashtag
Video

hashtag
Resources

OWASP/CheatSheetSeriesarrow-up-right

Check out this awesome guide about XSS: swisskyrepo/PayloadsAllTheThingsarrow-up-right Common payload list for you to try out: payloadbox/xss-payload-listarrow-up-right For more OWASP Zap guides, check out the following room: Learn OWASP Zaparrow-up-right

hashtag
Challenge

hashtag
Deploy your AttackBox

circle-check

No answer needed

hashtag
What vulnerability type was used to exploit the application?

circle-check

Stored cross-site scripting

hashtag
What query string can be abused to craft a reflected XSS?

circle-check

q

hashtag
Launch the OWASP ZAP Application

circle-check

No answer needed

hashtag
Run a ZAP (zaproxy) automated scan on the target. How many XSS alerts are in the scan?

circle-check

2

hashtag
Explore the XSS alerts that ZAP has identified, are you able to make an alert appear on the "Make a wish" website?

circle-check

No answer needed

PreviousSomeone stole Santa's gift list!NextThe Grinch Really Did Steal Christmas

Last updated