XSS Security Game

Educational Purpose

This game teaches about Cross-Site Scripting (XSS) vulnerabilities in web applications. Learn to find and exploit XSS bugs to better understand how to prevent them in your own code.

Inspired by and adapted from Google's original XSS Game.

Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in web applications. These vulnerabilities can allow attackers to steal or modify user data in your apps.

In this training program, you'll learn to find and exploit XSS bugs through 6 progressive levels. Each level presents a vulnerable application - your task is to find the vulnerability and execute JavaScript to complete the challenge.

Your objective: Make each level execute a JavaScript alert() to advance to the next level.

Level 1
Hello, XSS
Basic input reflection without escaping
Level 2
Persistence
Stored XSS in a simple application
Level 3
Context Matters
Breaking out of HTML attributes
Level 4
Script Context
Injection in JavaScript strings
Level 5
DOM-Based
Client-side XSS vulnerabilities
Level 6
Final Challenge
Advanced exploitation techniques