Playing with XSS

Want to learn more about XSS attacks – well the best way is probably to try some yourself. Here are two sites that offer XSS games that allow you to test and improve your skills.

One of my favorite strings to use in testing XSS when I am doing pen testing is the following:
<iframe src=//></iframe>
It will add an embedded iframe for the youtube video Rick Roll. 🙂 Its always amusing to see all the places I can get a Rick Roll to appear.
BTW, to keep the link from rendering, I had to HTML endode < to &lt;, and for good measure also change > to &gt; and change the & in &lt; to &amp;.