Building your own XSS Labs, hacking it, and then securing it!
MEDIUM MESSES UP THE QUOTES “” << I typed normal double quotes there so anywhere you see that, replace it with normal double quotes.
Introduction
I’ve provided a space on my FTP server where you can create your own labs. You are going to create them, hack them, and secure them before you learn what I mean by using the right filter for the right job.
Make a connection
- [ ] FTP connection: hackxpert.com
- [ ] User: Training
- [ ] Password: test
- [ ] Create a new file on the server
- [ ] Name it “nickname.php”, for example “rat.php”, where the nickname can be anything, as long as you can copy and paste it
Build an HTML tag injection lab
Add the following code to your file (if you have to make the file locally, add the code there and then copy the file onto the server).

```php
<?php
// Lab code: the fname parameter is echoed back without any encoding (intentionally vulnerable).
if (isset($_GET['fname'])) {
    echo $_GET['fname'];
}
?>
<form action="FILENAME.php">
  <label for="fname">First name:</label><br>
  <input type="text" id="fname" name="fname" value="John"><br>
  <input type="submit" value="Submit">
</form>
```
Make sure to replace `FILENAME.php` in `<form action="FILENAME.php">` with the name of your actual file.
Now hack it!!
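For the securing step, here is an added example (not the author's code) of the same lab with the reflected value HTML-encoded for the two places it can land: element text and a double-quoted attribute. The helper name `h`, the UTF-8 charset, the `<p>` wrapper and echoing the value back into the `value` attribute are assumptions of this example.

```php
<?php
// Added example: hardened variant of the lab page, not the original lab code.
// Assumptions: the page is served as UTF-8, and the value is only ever placed
// in HTML element text or inside a double-quoted attribute.

/** Encode a value for HTML text or a quoted attribute (hypothetical helper). */
function h(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only a string; a request like ?fname[]=x would arrive as an array.
$fname = $_GET['fname'] ?? null;
if (!is_string($fname)) {
    $fname = null;
}

// Offline self-check with a constructed sample: run `php yourfile.php`.
if (PHP_SAPI === 'cli') {
    $sample = '<b>Rat</b> "O\'Neil" & co'; // constructed input with markup characters
    echo h($sample), PHP_EOL;
    exit;
}

// Declare the charset so the browser and the encoder agree on it.
header('Content-Type: text/html; charset=UTF-8');
?>
<?php if ($fname !== null): ?>
<p><?= h($fname) ?></p>
<?php endif; ?>
<!-- basename(__FILE__) avoids reflecting the request path into the action attribute -->
<form action="<?= h(basename(__FILE__)) ?>">
  <label for="fname">First name:</label><br>
  <input type="text" id="fname" name="fname" value="<?= h($fname ?? 'John') ?>"><br>
  <input type="submit" value="Submit">
</form>
```

This encoding fits HTML text and quoted attributes only; a value written into a script block, a URL or an unquoted attribute needs the encoder for that context instead.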