HackerOne CTF XSS Playground by zseano (Spoilers)
This is the first half-decent-looking app I've encountered this whole CTF!
Immediately I'm prompted with a little modal:
Feeling up to a challenge?
Can you find all of the XSS on this page? Use a keen eye and see if you can discover the following types of XSS:
- 5 Reflective Cross Site Scripting
- 3 Stored Cross Site Scripting
- 2 DOM-Based Cross Site Scripting
- 1 CSP-Bypass Cross Site Scripting
- 1 use of XSS to leak "something"
Good luck! - zseano & HackerOne
Looks like this is the number of each type I'm trying to find. Great, how about a little scoreboard with ◯ and ⊙:
Reflective Cross Site Scripting: ◯ ◯ ◯ ◯ ◯
Stored Cross Site Scripting: ◯ ◯ ◯
DOM-Based Cross Site Scripting: ◯ ◯
CSP-Bypass Cross Site Scripting: ◯
Use of XSS to leak "something": ◯