Reflective and Stored XSS Class Activity - savannahc502/SavC-TechJournal-SEC260 GitHub Wiki
The website https://xss-game.appspot.com/ has some interesting XSS challenges. In this lab, I will be completing levels one and two. Level 1 covers Reflective XSS, and Level 2 covers Stored XSS.
Level 1, from the website:
- "Mission Description: This level demonstrates a common cause of cross-site scripting where user input is directly included in the page without proper escaping. Interact with the vulnerable application window below and find a way to make it execute JavaScript of your choosing. You can take actions inside the vulnerable window or directly edit its URL bar."
- "Mission Objective: Inject a script to pop up a JavaScript alert() in the frame below. Once you show the alert you will be able to advance to the next level."
https://xss-game.appspot.com/level1/frame?query=<script>alert("oh no")</script>
Resource:
Level 2, from the website:
- "Mission Description: Web applications often keep user data in server-side and, increasingly, client-side databases and later display it to users. No matter where such user-controlled data comes from, it should be handled carefully. This level shows how easily XSS bugs can be introduced in complex apps."
- "Mission Objective: Inject a script to pop up an alert() in the context of the application. Note: the application saves your posts so if you sneak in code to execute the alert, this level will be solved every time you reload it."
<img src='img.png' onerror='alert("oh no, again")'>
Resources:
- https://www.washington.edu/accesscomputing/webd2/student/unit5/module2/lesson1.html
- https://www.w3schools.com/howto/howto_js_alert.asp
- https://stackoverflow.com/questions/42285655/pop-up-alert-on-image-click
Reflective XSS:
- Reflective XSS occurs when malicious script is injected into a normally trusted website, typically through a crafted URL. For example, a user may click a link to a site they visit regularly that was sent or posted by an attacker and carries malicious code in its parameters; the web application copies that input into its response, and when the victim's browser renders the response the script runs. The victim's click on the link is what triggers the attack. It can be prevented when the web application rejects or escapes untrusted input, including query parameters that carry such scripts.
- Resource
Stored XSS:
- While reflective XSS delivers its script through the URL and relies on the server reflecting it straight back to the user, stored XSS reaches the user's browser from content the application has kept. It occurs when an application allows user input (message boards, social media) and stores that input, server-side or, as the level description notes, client-side; if some of the stored input contains malicious code, the code executes every time the content is loaded. This is especially dangerous because a user only has to visit the page to be affected.
- Resource
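A small model of both levels, added here as an example and not code from this wiki or from xss-game.appspot.com: the "no results" message, the in-memory post store and the containsActiveHtml check are assumptions standing in for the site's real pages. It renders the two payloads recorded above once unescaped (the bug) and once with HTML entity encoding (the fix the level 1 description alludes to).

```javascript
// Added example, not code from the wiki page or from xss-game.appspot.com.
// A stand-in for the two levels: level 1 reflects a search term into the
// response; level 2 stores posts and renders them on every load. Each is
// shown unescaped (the bug) and with HTML entity encoding (the fix).

// The two payloads recorded on the page.
const REFLECTED_PAYLOAD = '<script>alert("oh no")</script>';
const STORED_PAYLOAD = `<img src='img.png' onerror='alert("oh no, again")'>`;

// Entity-encode the characters that can break out of HTML text content.
// (Only correct for element content and quoted attributes, not for
// inserting into a <script> block or a URL.)
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Level 1 style (hypothetical message): the search term is copied straight into the markup.
function renderSearchVulnerable(query) {
  return `<p>No results were found for <b>${query}</b>.</p>`;
}
function renderSearchSafe(query) {
  return `<p>No results were found for <b>${escapeHtml(query)}</b>.</p>`;
}

// Level 2 style: a hypothetical in-memory "database" of posts.
const posts = [];
function storePost(text) { posts.push(text); }
function renderPostsVulnerable() {
  return posts.map((p) => `<div class="post">${p}</div>`).join('\n');
}
function renderPostsSafe() {
  return posts.map((p) => `<div class="post">${escapeHtml(p)}</div>`).join('\n');
}

// Review check on rendered output: does a script tag, or a tag carrying an
// on* event-handler attribute, survive? Encoded text has no '<', so it never matches.
const ACTIVE_HTML = /<script\b|<[a-z][^>]*\son[a-z]+\s*=/i;
function containsActiveHtml(html) { return ACTIVE_HTML.test(html); }

// Run both payloads through both renderers.
function audit() {
  storePost(STORED_PAYLOAD);
  return {
    reflectedVulnerable: containsActiveHtml(renderSearchVulnerable(REFLECTED_PAYLOAD)),
    reflectedSafe: containsActiveHtml(renderSearchSafe(REFLECTED_PAYLOAD)),
    storedVulnerable: containsActiveHtml(renderPostsVulnerable()),
    storedSafe: containsActiveHtml(renderPostsSafe()),
  };
}
console.log(audit()); // → { reflectedVulnerable: true, reflectedSafe: false, storedVulnerable: true, storedSafe: false }
```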