Fedora Project
Detect the XSS Vulnerability
XSS (Cross-Site Scripting) is a security vulnerability found in web applications that allows an attacker to inject client-side script (e.g. JavaScript) into a webpage through input areas such as a search box, forms, or file upload, and execute it at the user's end without authorization. The severity of a cross-site scripting attack can range from showing a useless alert box to stealing cookies and the user's session IDs and taking over the account. You need to perform 4 XSS attacks as follows:
- Create an alert box saying "HACKED".
- Change the background color of the website to "RED".
- Change the background of the website to an image of your choice.
- Redirect the website to another page saying "You Are Hacked" (you can use HTMLPASTA to create your own page and redirect it to the vulnerable web app).
Keep your attack limited to the website provided to you. Please do not perform any type of XSS attack on someone else's website.
Deliverables:
Share the screenshots of all 4 attacks in a PDF/Word file. Below the screenshots, write the code snippet that you used to execute the attacks shown.
Contact Mentor:
Please do not copy someone else's work from the internet. If you have doubts, contact the Fedora Summer Coding group on Telegram. If you are not already a member, you can join the group at https://t.me/fedoraSummerCoding