
Complete Solution to XSS-GAME by Google to Practice XSS


What is Cross Site Scripting (XSS)?

As defined by Wikipedia: “Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.”

But today we will not be discussing the what, how and why of XSS; rather, we will solve the 6 levels of Google’s XSS-GAME. A tutorial on XSS will be covered later, so this article is especially for people who are at least familiar with the term XSS.

Now that we have a very brief overview, let’s move on to the real game. Shall we?


What is XSS-Game?

“XSS-Game is a training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications.” — Taken from game page

There are 6 levels of varying difficulty covering different concepts, and in almost every case you’re given the source code so that you can work out which XSS payload will work. It is very beneficial since it gives you a chance to practice XSS hands-on.

Note: It is recommended that you practice the game at least once before you look into the solutions here. Also, I will not embed the main frame; I will give an image and write the payload, followed by an explanation of why it works. So, without further ado.


Level 1: Hello, world of XSS

Mission Objective

Inject a script to pop up a JavaScript alert() in the frame.

Try it first and then see the solution below.

This is a very straightforward level. Simply write an alert function within script tags.

<script>alert(/xss/)</script>

After you write this in the search bar, press okay and you’re done. See the image below.

XSS game level 1 solution

On the game page, toggle the code and try to understand what it does. It is a small Django Python web app, but the following lines are the important ones for us to understand.

query = self.request.get('query', '[empty]')  # user-controlled value taken straight from the URL

# Our search engine broke, we found no results :-(
message = "Sorry, no results were found for <b>" + query + "</b>."  # query concatenated into HTML with no escaping
message += " <a href='?'>Try again</a>."

# Display the results page
self.render_string(page_header + message + page_footer)

From these lines it is clear that the app takes our query and builds a message by concatenating it directly, without any filtering or escaping, and this is what makes the code vulnerable to XSS. Finally, it renders the web page. So we can simply write the XSS payload inside script tags and we are done.
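To make the contrast concrete, here is a small added example (not the game’s own code) that reproduces the Level 1 concatenation in plain Python next to a version that HTML-escapes the query before placing it in markup; PAGE_HEADER and PAGE_FOOTER are constructed stand-ins for the game’s page_header and page_footer.

```python
import html

# Constructed stand-ins for the game's page_header / page_footer strings.
PAGE_HEADER = "<html><body>"
PAGE_FOOTER = "</body></html>"

# The Level 1 payload from the article, used as sample input.
PAYLOAD = "<script>alert(/xss/)</script>"


def render_results_vulnerable(query: str) -> str:
    """Mirror of the Level 1 logic: the query goes into the HTML untouched."""
    message = "Sorry, no results were found for <b>" + query + "</b>."
    message += " <a href='?'>Try again</a>."
    return PAGE_HEADER + message + PAGE_FOOTER


def render_results_fixed(query: str) -> str:
    """Same page, but the query is HTML-escaped before it is placed in markup.

    html.escape turns < > & " ' into entities, so user input can never
    open a tag or break out of the <b> element it is rendered inside.
    """
    safe_query = html.escape(query, quote=True)
    message = "Sorry, no results were found for <b>" + safe_query + "</b>."
    message += " <a href='?'>Try again</a>."
    return PAGE_HEADER + message + PAGE_FOOTER


def contains_raw_script(page: str) -> bool:
    """Demonstration check: did a literal <script tag survive into the output?"""
    return "<script" in page.lower()


def compare(queries):
    """Return {query: (vulnerable_leaks_script, fixed_leaks_script)} for each input."""
    return {
        q: (contains_raw_script(render_results_vulnerable(q)),
            contains_raw_script(render_results_fixed(q)))
        for q in queries
    }


if __name__ == "__main__":
    for q, (vuln, fixed) in compare(["shoes", PAYLOAD]).items():
        print(f"{q!r}: vulnerable leaks script={vuln}, fixed leaks script={fixed}")
```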

6 Comments
  1. Arinerron says

    My solutions for the XSS game were different for the last few.

    You can see them here -> https://gist.github.com/Arinerron/19d75c81bcff5622bf6d4f2ff8e3829d

    1. Animesh Shaw says

      Yeah, I see that. I was also a little confused at the last one. But I should have tried it your way too. Well, point taken 😀

      1. Arinerron says

        The regex didn’t check for a space before the URL.

        1. Animesh Shaw says

          Yeah, I see that now. I am thinking that I should create an article on how to bypass different filters and test cases. Of course we have OWASP filter evasion docs, but still something a little more hands-on.

          1. Joseph Walton-Rivers says

            You can also get round it by using HTTPS:// (as it only checks for lowercase).

          2. Animesh Shaw says

            Yeah. I got that part. After @Arinerron’s gist solution, I tried it with the upper case version. Guess what, I was thinking too much?

            I will include your and his suggestions soon.
