Web for pentesters 1 Cross-Site Scripting (XSS)

The first series of posts will focus on Web for Pentester 1 by PentesterLab. A walk-through is provided on the site, which I recommend going through before looking at the answers I provide.
Here are some sample answers for the cross-site scripting section of the virtual machine. If you need an explanation of what cross-site scripting is and how it works, there is a section in the walk-through accompanying this virtual machine on PentesterLab, and also a nice explanation by Daniel Miessler found here.
If you're running some sort of ad-blocker or script-blocker, you may need to disable it for the answers to work.
example 1:
This causes an alert box to pop up.
example 2:
This will cause an alert box to pop up.
example 3:
This will cause an alert box to pop up.
example 4:
<a onmousemove="alert(1)"/>
Once you move the mouse over the web page, an alert box will pop up.
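Why the example 4 answer gets past a filter that only looks for script tags, and why output encoding stops it, shown as an added example that is not part of the original post or the lab's code. The tag-stripping filter is an assumed stand-in for a blocklist check, and `stripScriptTags`, `escapeHtml`, `render`, `hasLiveEventHandler` and `compare` are hypothetical names.

```javascript
// Added example: constructed filter and encoder, not code from the lab VM.
// The payload is example 4's answer as given in the post.
const PAYLOAD = '<a onmousemove="alert(1)"/>';

// Hypothetical blocklist filter (an assumption): removes <script> elements
// and stray script tags, and nothing else.
function stripScriptTags(input) {
  return input
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    .replace(/<\/?script\b[^>]*>/gi, '');
}

// Output encoding for HTML element content and quoted attribute values:
// every character that can open a tag, close an attribute or start an
// entity is replaced by a character reference.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Reflect the value into a page fragment, as a "Hello <name>" page would.
function render(name, sanitize) {
  return 'Hello ' + sanitize(name);
}

// True when the HTML still contains a real tag carrying an inline
// event-handler attribute (on...=), i.e. the browser would bind a handler.
function hasLiveEventHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Run the same input through both defenses and report the outcome.
function compare(payload) {
  const filtered = render(payload, stripScriptTags);
  const encoded = render(payload, escapeHtml);
  return {
    filtered,
    encoded,
    filteredIsLive: hasLiveEventHandler(filtered),
    encodedIsLive: hasLiveEventHandler(encoded),
  };
}

console.log(compare(PAYLOAD));
```

The filtered output is byte-for-byte the original input because the payload never contains a script tag; the encoded output is rendered by the browser as inert text.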
example 5:
This converts the ASCII numbers into the string alert, which will cause an alert box to pop up.
example 6:
Again, another alert box will be displayed.
example 7:
An alert box will be displayed.
example 8:
In the address bar, type:
Converts the 49 into the number 1. Similar to example 5, you can also replace the 49 with a string of ASCII.
example 9:
after the # symbol