[6/6] Level 6: Final Challenge

Mission Description

This is the final challenge! This level combines multiple XSS concepts. The application loads external "gadgets" via URL parameters and uses a complex sanitization function that has a bypass vulnerability.

Mission Objective: Find a way to bypass the sanitization and execute JavaScript through the gadget parameter.

Gadget Store

Clock
☁️
Weather
🧮
Calculator
📝
Notes
✓ Level Complete! You successfully exploited the final challenge!

🎉 Congratulations!

You've completed all 6 levels of the XSS Security Game!

You now have a better understanding of common XSS vulnerabilities and how they can be exploited. Use this knowledge to write more secure code and protect your applications from these attacks.

Remember: Always sanitize and escape user input, use Content Security Policy, and follow security best practices.

Hints

The application loads gadgets via the ?gadget= URL parameter. Look at the source code to see how it sanitizes input.
The sanitizer blocks <script> tags, but it's case-sensitive. Can you think of other ways to execute JavaScript in HTML?
The sanitizer doesn't block all event handlers. Try: ?gadget=<svg/onload=alert('XSS')>
function sanitize(input) {
  // Attempt to sanitize input (FLAWED!)
  return input.replace(/<script>/gi, '')
              .replace(/javascript:/gi, '');
}

function loadGadgetFromURL() {
  const params = new URLSearchParams(window.location.search);
  const gadget = params.get('gadget');
  
  if (gadget) {
    const display = document.getElementById('gadget-display');
    // VULNERABLE: Weak sanitization allows bypass
    display.innerHTML = sanitize(gadget);
  }
}