XSS Challenge (1)

XSS Challenges

http://xss-quiz.int21h.jp/


Stage #1

Inject alert(document.domain) and look at what the input returns after the first try.

The input is echoed back inside the tag body, so try entering the payload directly.

Stage #2

Test input is echoed back.

We can see that the test value is returned inside an attribute value, so pay attention to closing the double quote first.

Stage #3

The test case is echoed back.

Looking at the full POST source we find two parameters, p1 and p2. Testing shows p1 is filtered, so use Burp to modify the value of p2 instead.

Stage #4

First test echo.

A hidden parameter p3 is found; try injecting the payload there.

p3 is found to be returned inside an attribute value, so re-POST with p3 and note that the double quote can be closed.

Stage #5

Viewing the source shows that the length of the input field is restricted.

The parameter can be sent directly with Burp, bypassing the client-side length limit.

Stage #6

First test echo.

The value is returned inside an attribute; pay attention to closing it.

That was not successful: viewing the source, < and > are encoded, so we cannot close the tag. Then, does the input tag have any attribute we can take advantage of?

These are the attributes available on the form element; we pick onselect and try to inject it.

The injection succeeds: when we select the text in the form field, the payload is triggered.

Stage #7

Test echo.

The value is returned inside an attribute; try to inject.

Quotes are found to be filtered, but the attribute value itself is not quoted, so we do not need quotes at all.

Stage #8

Test echo.

The input is found to be returned inside an <a href></a> tag; try injecting the payload directly.

Click the link.

Stage #9

Test echo.

Note that there are two parameters. One is p1, which is returned in value; testing shows quotes, <, > and so on are filtered. The other parameter is charset, with the value euc-jp, which is a Japanese encoding, so this question should be about encoding.

I thought about it for a long time without figuring it out, so I went to look at the hint for this question.

The hint: use UTF-7 encoding.

Stage #10

Hint: the tip means that "domain" is being filtered.

You can try double-writing to bypass it. First test echo:

It is returned in value; pay attention to closing the double quote.

Stage #11

Hint: script, anything beginning with on, and style are filtered.

Testing shows the result is returned in the value attribute.

Because the filter rule rewrites any word containing "on" into onxxx, double-writing cannot bypass it.

Bypass it by inserting a tab inside "script".

Stage #12

Hint: x00, x20, <, >, ", ' and so on are all filtered.

Because the returned value is in value, the quote must be closed first for anything to work, but now both double and single quotes are filtered. After a long search I found that ` can act as a quote in IE!

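Every stage above echoes input into an attribute value and the quiz's keyword and quote blacklists are defeated one by one: closing quotes, event handler attributes, a tab inside "script", a charset trick, a backtick. The defender's fix is output encoding for the attribute context rather than a blacklist. The following Python is an added example, not part of this writeup or of the quiz; `render_input` is a hypothetical template standing in for the quiz page, and `round_trips_safely` uses the standard library parser to check that an echoed value cannot create new attributes or tags.

```python
# Added defensive example, not part of the original writeup: encode the echoed
# value for the HTML attribute context, then verify the result with a real parser.
from html.parser import HTMLParser

# Every character that can end or alter a quoted attribute value is encoded. The
# backtick is included because, as Stage #12 notes, old Internet Explorer treats
# ` as an attribute quote; a filter that only strips " and ' misses it.
_ATTR_ESCAPES = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#x27;", "`": "&#x60;",
}


def encode_attr(value: str) -> str:
    """Encode a string for use inside a double-quoted HTML attribute value."""
    return "".join(_ATTR_ESCAPES.get(ch, ch) for ch in value)


def render_input(value: str) -> str:
    """Hypothetical quiz-style template: the user value is always placed inside
    double quotes, so an unquoted value as in Stage #7 can never occur. The page
    serving it should also declare an explicit charset (Content-Type:
    text/html; charset=utf-8) to close the Stage #9 UTF-7 path."""
    return f'<input type="text" name="p1" value="{encode_attr(value)}">'


class _TagCollector(HTMLParser):
    # Records (tag, attributes) for every start tag the parser sees.
    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup: str):
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def round_trips_safely(value: str) -> bool:
    """True when the rendered markup parses back to exactly one <input> whose only
    attributes are type, name and value, and whose value equals the input."""
    tags = parse_tags(render_input(value))
    return (len(tags) == 1 and tags[0][0] == "input"
            and set(tags[0][1]) == {"type", "name", "value"}
            and tags[0][1]["value"] == value)
```

Note that html.parser does not treat the backtick as a quote, so the parser check alone would not catch a table that omitted it; the IE behaviour from Stage #12 has to be covered by the encoding table itself.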

(To be continued~)


Origin www.cnblogs.com/Dio-Hch/p/12103340.html