Vulnerable Apps
If you can recreate it, you understand it. This is a growling list of apps vulnerable to XSS created by hardening the app to various degrees.
- XSS vulnerable app 000-a
The most vulnerable app in the world, it will render any input as-such on the screen.
- XSS vulnerable app 000-b
H4x0ring not allowed! All `script` tags will be removed. Don't even try!
- XSS vulnerable app 000-c
`script` and `SCRIPT` not allowed!
- XSS vulnerable app 000-d
Any `script` tags and the likes `SCRIPT`, `sCripT` etc., are filtered using military grade regex.
- XSS vulnerable app 000-e
Don't you think you can use the `img` tag to sneak in XSS!
- XSS vulnerable app 000-f
Only white-listed HTML elements are supported because of security concerns.
- XSS vulnerable app 000-g
Only `br` is supported in this app for security reasons.