
Cross-Site Scripting

easy | 40 min | tryhackme

Master Cross-Site Scripting (XSS) — the most common web vulnerability. Learn four types: Reflected, Stored, DOM-based, and Blind XSS. Practice crafting payloads across six escalating levels that teach tag escaping, attribute breakout, JavaScript context escaping, filter bypass, and event handler injection. Finish with a Blind XSS attack stealing a staff member's session cookie via a support ticket.

Skills You Will Learn

xss, reflected-xss, stored-xss, dom-xss, blind-xss, javascript-injection, filter-bypass

Prerequisites

Walkthrough Phases

1. XSS Fundamentals: Understand XSS types and payload intentions

2. XSS Types: Learn the four types of XSS and where to find them

3. Perfecting Your Payload (6 Levels): Craft XSS payloads that work in different HTML contexts

4. Blind XSS Practical: Steal a staff member's session cookie via a support ticket

10 questions to answer

alienrecon start thm-xss
