google / firing-range


Need Solutions for some of the challenges #29

Closed realworldpentesting closed 3 years ago

realworldpentesting commented 3 years ago

Hello, I am struggling to exploit some of the challenges. Can you provide the solutions? It would be really helpful for me to learn and understand the advanced-level XSS challenges, as I solved all of the Reflected XSS module but I am struggling to solve the EscapedXSS module.

qll commented 3 years ago

Hey,

Not all of the firing range tests are actually exploitable. This is by design: First and foremost the firing range is a test bench for a web security scanner. It is used to test if the scanner finds vulnerabilities. But it is also used to test if the scanner does not alert on non-exploitable test cases - because that would mean that the scanner throws false positives.

Unfortunately the firing range does not explain which test case is exploitable and which one is not.

So in the escaped XSS module many tests are actually not exploitable (to the best of my knowledge). But others are actually exploitable, such as this one:

http://public-firing-range.appspot.com/escape/serverside/escapeHtml/attribute_unquoted?q=a%20onmouseover=alert(1)%20style=display:block;width:1000px;height:1000px

So: The firing range is probably not the best place to learn about more complicated XSS cases (because it never tells you if something is exploitable or not). If we are ever going to build a new version, I will make sure that we add solutions to the repository, so it can also be used as a learning tool :-)
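An added example, not part of the comment above and not code from the firing-range repository: it shows why the `escapeHtml/attribute_unquoted` case stays exploitable while the same escaper is sufficient once the attribute value is quoted. The `<div class=...>` templates, the simplified tag tokenizer and all helper names are assumptions made for illustration.

```javascript
// Added illustration; templates and helper names are hypothetical, not firing-range code.
// Typical HTML escaper: neutralises markup and quote characters only.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Same escaper, two contexts: unquoted vs. double-quoted attribute value.
const renderUnquoted = (q) => `<div class=${escapeHtml(q)}>x</div>`;
const renderQuoted = (q) => `<div class="${escapeHtml(q)}">x</div>`;

// Simplified start-tag tokenizer: an unquoted value ends at whitespace or '>',
// a quoted value ends only at its matching quote (entities are not decoded).
function parseAttributes(html) {
  const tag = /^<[a-zA-Z][^\s\/>]*/.exec(html);
  if (!tag) return {};
  const re = /\s+([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/y;
  re.lastIndex = tag[0].length;
  const attrs = {};
  for (let m = re.exec(html); m !== null; m = re.exec(html)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Scanner-style check: event-handler attributes the template author never wrote.
const injectedHandlers = (html) =>
  Object.keys(parseAttributes(html)).filter((n) => n.startsWith('on'));

// The q value from the URL in the comment above, URL-decoded.
const q = decodeURIComponent(
  'a%20onmouseover=alert(1)%20style=display:block;width:1000px;height:1000px');

console.log(escapeHtml(q) === q);                  // the escaper changes nothing
console.log(injectedHandlers(renderUnquoted(q)));  // handler becomes its own attribute
console.log(injectedHandlers(renderQuoted(q)));    // value stays inside class="..."
console.log(injectedHandlers(renderQuoted('a" onmouseover="alert(1)'))); // quote is escaped
```

The value contains none of the characters the escaper rewrites, so in the unquoted context the spaces alone split it into separate attributes; quoting every attribute value in the template, in addition to escaping, closes that gap.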

realworldpentesting commented 3 years ago

Hi @qll, thanks for your time and for letting me know about the exploitability. I request that you add solutions to the repository, if possible.