{"id":28790794,"url":"https://github.com/povzayd/xss-labs","last_synced_at":"2026-02-11T02:47:29.681Z","repository":{"id":300431712,"uuid":"1000618976","full_name":"povzayd/XSS-LABS","owner":"povzayd","description":"This is an intentionally vuln webpage designed to practice XSS.","archived":false,"fork":false,"pushed_at":"2025-07-07T18:04:15.000Z","size":103,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-30T06:44:53.035Z","etag":null,"topics":["webpentesting","xss","xss-attacks","xss-exploitation","xss-injection","xss-poc","xss-vulnerability"],"latest_commit_sha":null,"homepage":"https://povzayd.github.io/XSS-LABS/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/povzayd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-12T04:22:35.000Z","updated_at":"2025-07-07T18:04:18.000Z","dependencies_parsed_at":"2025-06-21T17:39:19.888Z","dependency_job_id":null,"html_url":"https://github.com/povzayd/XSS-LABS","commit_stats":null,"previous_names":["povzayd/xss-labs"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/povzayd/XSS-LABS","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/povzayd%2FXSS-LABS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/povzayd%2FXSS-LABS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/povzayd%2FXSS-LABS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/
povzayd%2FXSS-LABS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/povzayd","download_url":"https://codeload.github.com/povzayd/XSS-LABS/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/povzayd%2FXSS-LABS/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29326078,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T02:08:56.257Z","status":"ssl_error","status_checked_at":"2026-02-11T02:08:51.338Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["webpentesting","xss","xss-attacks","xss-exploitation","xss-injection","xss-poc","xss-vulnerability"],"created_at":"2025-06-17T23:08:56.650Z","updated_at":"2026-02-11T02:47:29.645Z","avatar_url":"https://github.com/povzayd.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"### 🧠 What is XSS (Cross-Site Scripting)?\n\n**XSS (Cross-Site Scripting)** is a type of **security vulnerability** that allows an attacker to **inject malicious code (usually JavaScript)** into a website or web application. 
This code then **runs in the browser** of other users who visit the site.\n\n---\n\n### 🧨 Why is it dangerous?\n\nBecause it lets attackers:\n\n* Steal cookies, session tokens, or personal data\n* Trick users into clicking fake buttons or links (phishing)\n* Deface the website or redirect users elsewhere\n* Hijack user accounts or perform actions on their behalf\n\n---\n\n### 🔍 How does it happen?\n\nIt usually happens when a website:\n\n1. **Takes user input** (like in a search box or comment field)\n2. **Displays it back** on the page **without properly cleaning it**\n3. So an attacker can input something like:\n\n   ```html\n   \u003cscript\u003ealert('XSS')\u003c/script\u003e\n   ```\n   \nand XSS is triggered!\n\n---\n\n## 🧪 XSS LAB – Complete XSS Vulnerability Training Ground\n\nThis project is a hands-on **web security lab** designed to help learners understand and exploit the three major types of **Cross-Site Scripting (XSS)** vulnerabilities:\n🔁 **Reflected**, 🗃️ **Stored**, and 🧠 **DOM-Based XSS**.\n\n---\n\n### 🚀 Project Structure [TRY NOW!](https://povzayd.github.io/XSS-LABS)\n\nThe lab is divided into different escalating levels of difficulty:\n\n---\n\n### ◾ Lab 1 – Beginner Level: Basic Injection\n\n**Focus:** Introduces how unfiltered user input is executed as code.\n\n* Users can enter simple scripts like:\n\n  ```html\n  \u003cscript\u003ealert(87)\u003c/script\u003e\n  ```\n* Demonstrates:\n\n  * Basic **reflected XSS** (via query parameters or form input)\n  * **Stored XSS** (through input saved and re-displayed)\n  * A basic example of **DOM-based XSS**\n* Suitable for beginners to understand how careless input handling results in direct script execution.\n\n---\n\n### ◾ Lab 2 – Intermediate Level: Context Breakout\n\n**Focus:** Teaches bypassing more complex filters and escaping HTML contexts.\n\n* Requires crafted payloads such as:\n\n  ```html\n  \"\u003e\u003cscript\u003ealert(87)\u003c/script\u003e\n  ```\n* Demonstrates:\n\n  * How XSS 
works when injection occurs inside HTML attributes, tags, or JS contexts\n  * DOM manipulation vulnerabilities where user input is processed via JavaScript (e.g., `location.hash`, `innerHTML`, `document.write`)\n* Helps learners practice **breaking out of quotes, attributes, or tags** — simulating real-world attack scenarios.\n\n---\n### ◾ Lab 3 – Coming Soon\n---\n### 🎯 Learning Objectives\n\nBy completing these labs, users will:\n\n* Understand the **differences** between Reflected, Stored, and DOM-based XSS\n* Learn to **identify vulnerable input/output handling**\n* Gain hands-on experience with **payload crafting** and **context-based escaping**\n* Improve awareness of **secure coding best practices**\n\n---\n### ⚠️ Disclaimer\n\nThis lab is intended **strictly for educational purposes**.\nDo not attempt these techniques on any live websites or systems without **explicit permission**.\n\n---\n### 🤝 Want to Contribute?\n\nWe’re building this XSS Lab for learners, web security explorers, and curious minds — and **you** can help make it even better!\n\n#### 🔧 How You Can Contribute:\n\n* Add new XSS levels or challenges (Reflected / Stored / DOM-based)\n* Suggest new payloads or bypass techniques\n* Fix bugs or write better explanations\n\n#### 🛠️ Getting Started:\n\n1. Fork the project on [GitHub](https://github.com/povzayd/XSS-LABS)\n2. Make your changes\n3. Submit a Pull Request\n4. We’ll review and merge!\n\n\u003e 💡 No idea is too small. 
Whether it’s a typo fix or a new lab — every contribution counts.\n\n---\n### 👾 Built by web security explorers, for web security explorers\n\nThis project was crafted with ⚔️ passion and 💻 precision by:\n\n* **[Unass](https://github.com/una55)**\n* **[Zaid](https://github.com/povzayd)**\n\nWe built this lab to help others **learn, break, and secure** — because the best way to defend the web is to understand how it’s broken.\n\n\u003e 🙏 Special thanks to the community of web security explorers and learners who inspire us to push boundaries, ask better questions, and share knowledge freely.\n\n---\nThis project is licensed under the [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/povzayd/XSS-LABS#MIT-1-ov-file) — feel free to use, modify, and share with proper attribution.\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpovzayd%2Fxss-labs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpovzayd%2Fxss-labs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpovzayd%2Fxss-labs/lists"}