I wrote a little script in node.js for a hands-on lab to test Cross-Site Scriptings (XSS).

You can download it from my github: https://github.com/defensahacker/nodexss

To deploy in Google Cloud App Engine:

$ git clone https://github.com/defensahacker/nodexss.git
$ gcloud init
$ gcloud projects create xss-lab$RANDOM
$ gcloud config set project xss-lab$RANDOM
$ gcloud projects describe xss-lab$RANDOM
$ gcloud app create --project=xss-lab$RANDOM
$ gcloud app deploy
$ gcloud app logs tail -s default

To start the project from a local system:

git clone https://github.com/defensahacker/nodexss.git
docker build -t defensahacker/nodexss:1.3 --no-cache .
docker run --rm -p 8080:8080 -d defensahacker/nodexss:1.3

Now visit the vulnerable website:

http://localhost:8080/?name=world<script>alert(document.cookie);</script>

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Tags:

Leave a Reply

Related News

How to hijack Android OS calls with Frida Cybersecurity Android Apps

How to hijack Android OS calls with Frida

July 14, 2022
How to reverse engineer any Android game using Unity Cybersecurity Android Apps

How to reverse engineer any Android game using Unity

June 15, 2022

You may have missed

Crypto Timeline: What happened from 1998 to nowadays

Crypto Timeline: What happened from 1998 to nowadays

September 6, 2022
How to use ConsenSys Surya smart contracts tool

How to use ConsenSys Surya smart contracts tool

September 6, 2022
How to install and use Paradigm Foundry to test and deploy smart contracts

How to install and use Paradigm Foundry to test and deploy smart contracts

September 5, 2022
Ethereum EVM low-level

Ethereum EVM low-level

August 31, 2022
How to use slither to audit smart contracts

How to use slither to audit smart contracts

July 23, 2022
How to hijack Android OS calls with Frida Cybersecurity Android Apps

How to hijack Android OS calls with Frida

July 14, 2022