
Three simple labs to demonstrate XSS vulnerabilities (DOM-based, reflected and stored) on a Node.js server.


Corbe30/Node-XSS-labs


Node-XSS-labs

Most of the XSS labs online are based on a PHP backend, so I developed three simple labs to demonstrate XSS vulnerabilities (DOM-based, reflected and stored) on a Node.js server. The labs are tested with XSStrike for vulnerabilities. The labs are built on JavaScript, EJS, Node.js and Express.

DOM-based XSS

https://corbe30.github.io/Node-XSS-labs/dom_based_xss/

Payload : alert(1)


Reflected XSS

https://reflected-xss.onrender.com/

XSStrike Query : python .\xsstrike.py -u "http://localhost:3000/?txt1=a"
Generated Payload : <HtmL%0aONpoiNtereNteR%0d=%0d[8].find(confirm)%0dx>


Stored XSS

https://stored-xss.onrender.com/

XSStrike Query : python .\xsstrike.py -u "http://localhost:3000/?txt1=a&txt2=a" -f default
Generated Payload : '"</Script><Html Onmouseover=(confirm)()//<imG/sRc=l oNerrOr=(prompt)() x>
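
What the fix for the reflected and stored labs looks like, as an added example that is not code from this repository: the two XSStrike payloads quoted above are rendered with and without HTML output encoding, and the tags that reach the response are listed. The page markup and all function names are assumptions; only the `txt1` parameter and the payload strings come from the README.

```javascript
// Added example, not taken from the Node-XSS-labs repository.
// The page markup and function names below are assumptions; only the
// parameter name txt1 and the two payload strings come from the README.

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };

// Encode the characters that let input leave an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reflected case: the value of ?txt1= is echoed into the response.
function renderReflected(rawQueryValue, encode) {
  const txt1 = decodeURIComponent(rawQueryValue); // query parsing decodes %0a, %0d
  return `<p>Result: ${encode ? escapeHtml(txt1) : txt1}</p>`;
}

// Stored case: saved entries are rendered for every later visitor.
function renderStored(entries, encode) {
  const items = entries.map((e) => `<li>${encode ? escapeHtml(e) : e}</li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Tags present in the output other than the template's own p/ul/li.
function injectedTags(html) {
  const tags = html.match(/<\/?[a-z][^\s>\/]*/gi) || [];
  return tags
    .map((t) => t.replace(/^<\/?/, '').toLowerCase())
    .filter((name) => !['p', 'ul', 'li'].includes(name));
}

// Payloads quoted in the README above, used here as test input.
const REFLECTED = '<HtmL%0aONpoiNtereNteR%0d=%0d[8].find(confirm)%0dx>';
const STORED = `'"</Script><Html Onmouseover=(confirm)()//<imG/sRc=l oNerrOr=(prompt)() x>`;

function runDemo() {
  return {
    reflectedRaw: injectedTags(renderReflected(REFLECTED, false)),
    reflectedEncoded: injectedTags(renderReflected(REFLECTED, true)),
    storedRaw: injectedTags(renderStored(['hello', STORED], false)),
    storedEncoded: injectedTags(renderStored(['hello', STORED], true)),
  };
}

console.log(runDemo());
```

In EJS, `<%= %>` applies this kind of encoding to the value it outputs, while `<%- %>` writes the value unescaped.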


How to Run

  1. Install dependencies with npm install
  2. Run server with node script.js
