DOM XSS Lab Practice
Analyzing common DOM-based XSS through data-flow analysis.
https://sboxr.com/
Lab platform: DOM goat
https://domgo.at/cxss/intro
Other XSS labs
https://files.cnblogs.com/files/Eleven-Liu/xss%E7%BB%83%E4%B9%A0%E5%B0%8F%E6%B8%B8%E6%88%8F.zip
https://github.com/paralax/xss-labs
https://github.com/m4yfly/imxss-docker
Online environment platform
https://hack.me/t/XSS
References
Automatically discovering and exploiting DOM-based XSS with Sboxr - Part 1
https://nosec.org/home/detail/2421.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1
Automatically discovering and exploiting DOM-based XSS with Sboxr - Part 2
https://nosec.org/home/detail/2426.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-2-3b5c494148e0
Automatically discovering and exploiting DOM-based XSS with Sboxr - Part 3
https://nosec.org/home/detail/2444.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-3-2ea910dfb429
https://stackoverflow.com/questions/5410745/how-can-i-get-a-list-of-the-items-stored-in-html-5-local-storage-from-javascript