What is Cross Site Scripting (XSS)?
As defined by Wikipedia, Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
But today we will not be discussing the what, how and why of XSS; instead we will solve the 6 levels of Google’s XSS-GAME. A tutorial on XSS will be covered later, so this article is meant for people who are at least familiar with the term XSS, and nothing more is assumed.
Now that we have a very brief overview, let’s move on to the real game. Shall we?
What is XSS-Game?
“XSS-Game is a training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications.” — Taken from game page
There are 6 levels of varying difficulty covering different concepts, and in almost every case you’re given the source code so that you can work out which XSS payload will work. It is very beneficial since it gives you a chance to practice XSS hands-on.
Note: It is recommended that you practice the game at least once before you look into the solutions here. Also, I will not embed the main frame. I will give an image and write the payload, followed by an explanation of why it works. So, without further ado.
Level 1: Hello, world of XSS
Try it first and then see the solution in the next tabs.
This is a very straight forward level. Simply write an alert function within script tags.
After you write this in the search bar press okay and you’re done. See the image below.
In the game page, toggle the code and try to understand what it does. It is a small Django Python web app, but the following lines are the important ones for us to understand.

    query = self.request.get('query', '[empty]')
    # Our search engine broke, we found no results :-(
    message = "Sorry, no results were found for <b>" + query + "</b>."
    message += " <a href='?'>Try again</a>."
    # Display the results page
    self.render_string(page_header + message + page_footer)

From the first line, it is clear that the app takes our query and builds a message by concatenating it directly into the HTML without any filtering or escaping; this is what makes the code vulnerable to XSS. Finally, it renders the web page. So, we can simply write the XSS within script tags and get it done.
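To make the defect concrete, here is an added example (not code from the game or the article) that mirrors the level 1 handler's string concatenation beside a hardened variant that HTML-escapes the query first. The page_header/page_footer stand-ins and the helper names are assumptions made for this snippet.

```python
import html

PAGE_HEADER = "<html><body>"    # stand-in for the game's page_header (assumption)
PAGE_FOOTER = "</body></html>"  # stand-in for the game's page_footer (assumption)


def render_vulnerable(query: str) -> str:
    """Mirror of the level 1 handler: the raw query is concatenated into markup."""
    message = "Sorry, no results were found for <b>" + query + "</b>."
    message += " <a href='?'>Try again</a>."
    return PAGE_HEADER + message + PAGE_FOOTER


def render_escaped(query: str) -> str:
    """Hardened variant: escape untrusted input before it reaches the markup,
    so '<', '>', '&' and quotes become entities the browser renders as text."""
    safe_query = html.escape(query, quote=True)
    message = "Sorry, no results were found for <b>" + safe_query + "</b>."
    message += " <a href='?'>Try again</a>."
    return PAGE_HEADER + message + PAGE_FOOTER


def contains_script_tag(markup: str) -> bool:
    """Crude check used only to show whether a live <script> element survived."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    # Constructed input in the spirit of level 1: an alert call inside script tags.
    query = "<script>alert(1)</script>"
    print("vulnerable:", render_vulnerable(query))
    print("escaped:   ", render_escaped(query))
```

Running it shows the same input landing as an executable element in the first output and as inert text in the second, which is the whole difference between the level 1 code and a fixed version.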