Monday, June 20, 2022

This Repository Is A Docker Containing Some “XSS Vulnerability” Challenges And Bypass Examples




This repository is a Dockerized PHP application containing some XSS vulnerability challenges.
The concepts behind the challenges are:

  • JavaScript validation bypass
  • HTML entities bypass
  • WAF bypass
  • Black-list validation bypass
  • Fundamental XSS validation bypass
  • Double encode bypass of WAF to take advantage of XSS
  • Exploiting XSS by bypassing escape characters

Using Docker Hub (quickest):

  1. To access the challenges, you need Docker installed.
  2. Run this command to pull and run the image from Docker Hub:
    sudo docker run -d -p 9003:80 moeinfatehi/xss_vulnerability_challenges
  3. Access the challenges at this URL: http://localhost:9003

Help:

-d: detached mode (you can keep using the terminal after running the command)
-p: specifies the port (you can change 8008 to whatever you want. If you don't have a web server on your host, set it to 80)

Using docker-compose:

  1. To access the challenges, you need Docker and docker-compose installed.
  2. Clone the repository:
    git clone https://github.com/moeinfatehi/xss_vulnerability_challenges.git
  3. Open the main directory of the project (where the docker-compose.yml file exists) and run: docker-compose up
  4. Access the challenges at this URL: http://localhost:9003

This project is for educational purposes ONLY. The standard disclaimer applies, especially the fact that I am not responsible for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using this project you accept the fact that any damage (data loss, system crash, system compromise, etc.) caused by the use of this program is not my responsibility.

If you have any further questions, please do not hesitate to contact me through my Twitter account.


