XSS Game Level 5

For this level we’re presented with a sign-up form, and we need to inject script into the URL.

If we click the Sign up button we should be taken here:

Take note of the URL signup?next=confirm
We can quite easily manipulate that to something else:
signup?next=javascript:alert('');

Click next to see what happens…

This can be incredibly dangerous to unsuspecting users: if they’re sent a link like that and click it, they could be at the mercy of an XSS attack.
How often have you seen a URL like the one below and how many times have you clicked it?

That is exactly the same as signup?next=javascript:alert('');
The JavaScript portion is converted to hex (percent-encoded) and will execute exactly the same as the plain-text version. The lesson here: NEVER click on a random link, especially from someone you don’t know.
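On the application side, the fix is to validate next before it is used as a link target. The following is an added example, not code from the original post or from the XSS game; it assumes the app places the next value into a link's href, and APP_ORIGIN, FALLBACK and safeNext are hypothetical names.

```javascript
// Added example: validate the `next` parameter before it reaches an href.
// APP_ORIGIN, FALLBACK and safeNext are hypothetical; sample inputs are constructed.
const APP_ORIGIN = "https://app.example";
const FALLBACK = "/welcome";

function safeNext(rawQuery) {
  // URLSearchParams percent-decodes the value, so a hex-encoded payload
  // is checked in exactly the form the browser would act on.
  const next = new URLSearchParams(rawQuery).get("next");
  if (next === null || next === "") return FALLBACK;

  let target;
  try {
    // Resolve relative values such as "confirm" against our own origin.
    // The URL parser also lowercases the scheme and strips tabs/newlines,
    // which a naive startsWith("javascript:") check would miss.
    target = new URL(next, APP_ORIGIN + "/signup");
  } catch {
    return FALLBACK;
  }

  // Allow only https links that stay on our origin; javascript:, data:
  // and off-site targets all fall through to the fallback page.
  if (target.protocol !== "https:" || target.origin !== APP_ORIGIN) {
    return FALLBACK;
  }
  return target.pathname + target.search;
}

// Constructed sample queries: the legitimate value, then the plain,
// hex-encoded, mixed-case and tab-split forms of the same payload.
const samples = [
  "next=confirm",
  "next=javascript:alert('')",
  "next=%6a%61%76%61%73%63%72%69%70%74%3aalert('')",
  "next=JaVaScRiPt:alert('')",
  "next=java%09script:alert('')",
  "next=//other.example/page",
];
for (const q of samples) console.log(q, "->", safeNext(q));
```

Only the first sample yields /confirm; every other one is replaced by the fallback, including the hex-encoded link that looks harmless at a glance.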
