Writeups from challenges and CTFs I take part in.
XSS Challenges by Yamagata21 constitute one of the educational XSS (Cross‑Site Scripting) challenge sets available. Comprised of 20 successive stages (though a few later ones may only function properly in legacy environments like older versions of Internet Explorer), the series begins with straightforward reflected XSS injections using alert(document.domain) and gradually progresses towards less intuitive scenarios.
What you have to do:
Inject the following JavaScript command: alert(document.domain);
Hint: very simple…
If characters like <, >, or & are submitted, they are displayed exactly as entered, without HTML encoding (e.g., “No results for "<"”, when it should be “No results for "&lt;"”).
This means that user input is not sanitized before it is written into the page, so JavaScript code such as <script>alert(document.domain)</script> can be submitted and potentially executed in the user’s browser.
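The missing encoding step described above, as an added example (not code from the challenge site or from this writeup). The function names and the <b> wrapper markup are assumptions, and the search term is assumed to land in HTML body context.

```javascript
// Added illustration: all names here are hypothetical, not the challenge's code.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the characters that can change HTML parsing in body/attribute text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour the stage exhibits: the search term is concatenated into
// the markup untouched, so "<" stays "<" in the response.
function renderVulnerable(query) {
  return `<b>No results for "${query}"</b>`;
}

// Corrected form: encode at output time, so "<" becomes "&lt;".
function renderEncoded(query) {
  return `<b>No results for "${escapeHtml(query)}"</b>`;
}

// Regression check for a renderer: send a harmless probe made of the
// metacharacters and report whether it comes back verbatim.
function reflectsUnencoded(render) {
  const probe = `x<>&"'y`; // constructed probe, carries no script
  return render(probe).includes(probe);
}

// Stand-alone demo using the input quoted in the text above.
const sample = "<script>alert(document.domain)</script>";
for (const [name, render] of [
  ["vulnerable", renderVulnerable],
  ["encoded", renderEncoded],
]) {
  console.log(name, "->", render(sample));
  console.log("  reflects metacharacters unencoded:", reflectsUnencoded(render));
}
```

This encoding is only correct for HTML body and quoted-attribute contexts; input placed inside a script block, URL, or event handler needs the encoding for that context instead.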