Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

DOM XSS 靶场练习 (sboxr)

wpadmin~April 6, 2019 /InfoSec

DOM XSS 靶场练习

基于数据流分析常见的 DOM 型 XSS 。
https://sboxr.com/

靶场平台 DOM goat
https://domgo.at/cxss/intro

其他 XSS 靶场
https://files.cnblogs.com/files/Eleven-Liu/xss%E7%BB%83%E4%B9%A0%E5%B0%8F%E6%B8%B8%E6%88%8F.zip

https://github.com/paralax/xss-labs

https://github.com/m4yfly/imxss-docker

在线环境平台
https://hack.me/t/XSS

参考资料

利用Sboxr自动发现和利用DOM型XSS-Part 1
https://nosec.org/home/detail/2421.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1

利用Sboxr自动发现和利用DOM型XSS-Part 2
https://nosec.org/home/detail/2426.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-2-3b5c494148e0

利用Sboxr自动发现和利用DOM型XSS-Part 3
https://nosec.org/home/detail/2444.html
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-3-2ea910dfb429

https://stackoverflow.com/questions/5410745/how-can-i-get-a-list-of-the-items-stored-in-html-5-local-storage-from-javascript

https://domgo.at/cxss/example/6

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.