In this module, you will practice identifying and exploiting XSS vulnerabilities. Read the assignment and use the skills learned in previous modules to solve the task.

In this task, we exploit the XSS vulnerability in JavaScript strings. Vulnerable code is not executed by default, so you will need to use creativity in this task!

XSS-JS-3

Try to figure out how to execute JavaScript code in the task. The string in the task is defined inside a function that is never called, so you will need to use creativity to run the JavaScript code. After that, you can solve the task in the required manner.

If you can't figure out how to execute JavaScript code, check the spoiler below. However, we recommend trying your best before looking at the ready-made answer!

Päätämme edellisen funktion, kutsumme omaa hälytyslaatikko funktiota ja luomme uuden funktion, jota ei myöskään kutsuta.

Näin voit suorittaa JavaScript-koodia

*In this module, you will practice identifying and exploiting XSS vulnerabilities. Read the assignment and use the skills learned in previous modules to solve the task.*

@exercise b3bff99ef60b

Try to figure out how to execute JavaScript code in the task. The string in the task is defined inside a function that is never called, so you will need to use creativity to run the JavaScript code. After that, you can solve the task in the required manner.

If you can't figure out how to execute JavaScript code, check the spoiler below. However, we recommend trying your best before looking at the ready-made answer!

@embed 9cb119cfd869


Päätämme edellisen funktion, kutsumme omaa hälytyslaatikko funktiota ja luomme uuden funktion, jota ei myöskään kutsuta.

```javascript
test'; } alert(0); function nope() {const x = '
```

XSS in JavaScript strings 3

Learn how to find and exploit a vulnerability that is one of the most common vulnerabilities, easy to find, and yet very dangerous. Hackerone ranked XSS the #1 bug bounty vulnerability of 2021.

XSS (Cross-Site Scripting) vulnerabilities are both common and serious. For example, HackerOne has listed XSS as the number one vulnerability on their top 10 vulnerabilities list.

Vulnerability management is therefore extremely important, whether you are a penetration tester, a security consultant, a developer, or a bounty hunter!

XSS in JavaScript strings 3

Learn to hack — start here