Friday, May 30, 2014

Google XSS game answers

OK, so earlier today I stopped by Google's new XSS game to check it out and I'll just say, it was fun and a good refresher on XSS. I might do a real writeup and explain each XSS in detail in another blog post, but I figured I'd just post the answers for now while I'm on a lunch break at work.


DO NOT CHEAT YOURSELF OUT OF LEARNING - The answers will need to be highlighted to view, I don't want to spoil the fun for everyone.

Resources to learn about XSS:

Below you will find my answers to the six challenges on their site.

Challenge 1:

In the search form enter:

Challenge 2:
In your comment enter:
<img src=wizbang onerror='alert(0)' /> 

Challenge 3:
In the URL bar enter:
' /><script>alert(0);</script>

Challenge 4:
In the timer form enter:

Challenge 5:
This one is pretty neat: on the second page (signup) you need to get the next parameter to run your JavaScript. To do this just enter:

Challenge 6:
This one is really cool because you need to load the JavaScript from a resource on a webpage or some other way. To complete the final challenge I entered:

Hopefully I'll do a formal writeup and really explain why all of the answers work and maybe show some alternative ways to complete the challenges.
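
For the defensive side of Challenge 5, where a `next` parameter ends up running script, here is an added example (not code from this post or from Google's game) of validating such a parameter before it is written into a link. The origin, fallback path, function name and sample inputs are all assumptions made up for the illustration.

```javascript
// Added example: validate a user-supplied `next` target before it becomes
// a link's href. APP_ORIGIN, FALLBACK and safeNext are hypothetical names.
const APP_ORIGIN = "https://app.example";   // assumed application origin
const FALLBACK = APP_ORIGIN + "/welcome";   // assumed safe default target

function safeNext(rawNext) {
  if (typeof rawNext !== "string" || rawNext.length === 0) return FALLBACK;
  let url;
  try {
    // Resolve against our own origin the way a browser resolves an href.
    // The URL parser trims leading whitespace, drops tabs/newlines and
    // lowercases the scheme, so the checks below see what a browser sees;
    // a hand-written prefix or regex check on the raw string does not.
    url = new URL(rawNext, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // Allowlist schemes instead of blocklisting "javascript:".
  if (url.protocol !== "http:" && url.protocol !== "https:") return FALLBACK;
  // Same-origin only, which also rejects //host and \\host forms.
  if (url.origin !== APP_ORIGIN) return FALLBACK;
  url.username = "";
  url.password = "";
  // Return the absolute URL: a bare pathname could itself begin with "//"
  // and be read as a protocol-relative link to another host.
  return url.href;
}

// Constructed sample inputs, not taken from the game.
const SAMPLES = [
  "confirm",
  "/signup?step=2#top",
  "javascript:void(0)",
  " JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,hi",
  "//other.example/x",
  "\\\\other.example/x",
  "/.//other.example",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", safeNext(s));
}
```

Assign the result through the DOM (`link.href = safeNext(value)`) rather than concatenating it into markup, so the value is never parsed as HTML.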