XSS Polyglot Challengev2
alert()
in more than one context.
What is a XSS Polyglot?
A XSS payload which runs in multiple contexts. For example, '--><svg onload=alert()>
can pop alerts in <div class=''--><svg onload=alert()>'></div>
and <!--'--><svg onload=alert()>-->
. It is useful in testing XSS because it minimizes manual efforts and increases the success rate of blind XSS. More...
Rules
- You will be given 20 common contexts
in black-box - No DOM sinks or external libraries are involved
- Plain HTML injection with minimum filtering
- A headless Chrome will try your payload
- Your payload should run
alert()
in 2+ contexts - Payloads exceeding 1024 characters will always fail
- Network is disabled
Contexts
<div class="{{payload}}"></div> <div class='{{payload}}'></div> <title>{{payload}}</title> <textarea>{{payload}}</textarea> <style>{{payload}}</style> <noscript>{{payload}}</noscript> <noembed>{{payload}}</noembed> <template>{{payload}}</template> <frameset>{{payload}}</frameset> <select><option>{{payload}}</option></select> <script type="text/template">{{payload}}</script> <!--{{payload}}--> <iframe src="{{payload}}"></iframe> " → <iframe srcdoc="{{payload}}"></iframe> " → < → <script>"{{payload}}"</script> </script → <\/script <script>'{{payload}}'</script> </script → <\/script <script>`{{payload}}`</script> </script → <\/script <script>//{{payload}}</script> </script → <\/script <script>/*{{payload}}*/</script> </script → <\/script <script>"{{payload}}"</script> </script → <\/script " → \"
Context# | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F | G | H | I | J |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Leaderboard
# | Name | Contexts | Characters | Results |
---|