- The dangers of trusting HTTP headers
HTTP headers can be set by users and they can be very dangerous if you are using their values anywhere in the application logic, or are writing or storing (and eventually writing) their values anywh...
- XSS vulnerable app 000-a
The most vulnerable app in the world: it will render any input as-is on the screen.
- XSS vulnerable app 000-b
H4x0ring not allowed! All `script` tags will be removed. Don't even try!
- XSS vulnerable app 000-c
`script` and `SCRIPT` not allowed!
- XSS vulnerable app 000-d
Any `script` tags and the like (`SCRIPT`, `sCripT`, etc.) are filtered using military-grade regex.
- XSS vulnerable app 000-e
Don't think you can use the `img` tag to sneak in XSS!