
Module 03 — Cross-Site Scripting (XSS)

Icon: 💻 Code Brackets   |   Colour: Orange

Overview

Tests for reflected XSS, DOM-based XSS, and server-side template injection (SSTI) using over 30 payloads and multiple filter-bypass techniques.

How It Works

  1. Canary strings — injects unique trackable strings to detect injection points.
  2. 30+ XSS payloads — tests each injection point with a broad payload library.
  3. Filter bypass techniques — uses encoding, case variation, and tag variations to evade WAFs and input filters.
  4. Template injection — sends SSTI probes such as {{7*7}} and checks whether the server-side template engine evaluates them (the probe coming back as 49) rather than echoing them as text.
  5. DOM source-to-sink analysis — scans JavaScript for dangerous patterns (e.g. innerHTML, document.write, eval) combined with user-controllable sources (location.hash, document.referrer).
  6. CSP consideration — findings are rated higher when no Content Security Policy is in place.
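The six steps above, as an added Python example that is not the module's own code: it sends nothing over the network, but takes one constructed HTTP response (body, headers and inline JavaScript) and turns it into the (finding, severity) pairs this module reports. The {{7*7}} probe and the severity values come from this page; the source and sink lists, the same-statement matching in the DOM check, the choice of a fixed canary for the sample, and the rule that a verbatim <canary> in HTML text counts as reflected XSS while any other context counts as an unfiltered payload are assumptions made for the example. The payload library and bypass variants of steps 2 and 3 are represented here by the single canary probe.

```python
"""Added example (not the module's own code): canary reflection with context
detection, the {{7*7}} SSTI probe, a same-statement DOM source-to-sink check,
and CSP-aware severity. Every sample response below is constructed."""
import re
import secrets

# Source and sink lists are an assumption for this example, not the module's.
DOM_SOURCES = ("location.hash", "location.search", "document.referrer", "document.URL")
DOM_SINKS = ("innerHTML", "outerHTML", "document.write", "eval(", "insertAdjacentHTML")

# Severity per finding, taken from the module's "Expected Findings" table.
SEVERITY = {
    "Reflected XSS (no CSP)": "Critical",
    "Server-Side Template Injection (SSTI)": "Critical",
    "Reflected XSS (with protections)": "High",
    "Unfiltered payload in response": "High",
    "Potential DOM-based XSS": "Medium",
}


def make_canary() -> str:
    """Unique alphanumeric marker so a reflection is traceable to one request."""
    return "cnry" + secrets.token_hex(4)


def reflection_context(body: str, canary: str) -> str:
    """Classify where the (first) canary landed: none, script, attribute or html_text."""
    idx = body.find(canary)
    if idx == -1:
        return "none"
    before = body[:idx]
    if before.endswith("<"):          # ignore the probe's own opening bracket
        before = before[:-1]
    opened = len(re.findall(r"<script\b", before, re.I))
    closed = len(re.findall(r"</script\s*>", before, re.I))
    if opened > closed:               # inside an unclosed <script> block
        return "script"
    if before.rfind("<") > before.rfind(">"):   # inside a tag, i.e. an attribute
        return "attribute"
    return "html_text"


def dom_source_to_sink(js: str) -> list:
    """Statements where a user-controllable source feeds a dangerous sink.
    Same-line matching is a deliberate simplification of real data-flow tracking."""
    hits = []
    for n, line in enumerate(js.splitlines(), 1):
        src = next((s for s in DOM_SOURCES if s in line), None)
        sink = next((k for k in DOM_SINKS if k in line), None)
        if src and sink:
            hits.append((n, src, sink))
    return hits


def assess(body: str, headers: dict, js: str, canary: str) -> list:
    """Turn one response (plus its inline JS) into (finding, severity) pairs.
    The request is assumed to have carried '<canary>' and canary + '{{7*7}}'."""
    findings = []
    has_csp = any(h.lower() == "content-security-policy" for h in headers)
    if f"<{canary}>" in body:                     # metacharacters survived unencoded
        if reflection_context(body, canary) == "html_text":
            findings.append("Reflected XSS (with protections)" if has_csp
                            else "Reflected XSS (no CSP)")
        else:                                     # survives, but needs a context break-out
            findings.append("Unfiltered payload in response")
    # Tying the 49 to the canary avoids matching a 49 that was on the page anyway.
    if canary + "49" in body and canary + "{{7*7}}" not in body:
        findings.append("Server-Side Template Injection (SSTI)")
    if dom_source_to_sink(js):
        findings.append("Potential DOM-based XSS")
    return [(f, SEVERITY[f]) for f in findings]


# --- constructed sample: no CSP, raw reflection, template evaluated, risky JS ---
CANARY = "cnry7f3a9c1e"   # fixed (instead of make_canary()) so the sample can embed it
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = (
    "<html><body>"
    f"<p>You searched for: <{CANARY}></p>"
    f"<p>Greeting: {CANARY}49</p>"
    "</body></html>"
)
SAMPLE_JS = """\
console.log(document.referrer);
document.getElementById('out').innerHTML = location.hash.slice(1);
banner.innerHTML = '<b>static text</b>';
"""

if __name__ == "__main__":
    for finding, sev in assess(SAMPLE_BODY, SAMPLE_HEADERS, SAMPLE_JS, CANARY):
        print(f"{sev:9} {finding}")
```

Run as a script it reports Critical for the raw reflection and the evaluated template and Medium for the innerHTML assignment fed by location.hash; the console.log line (source without sink) and the static innerHTML line (sink without source) are not flagged. Adding a Content-Security-Policy header to SAMPLE_HEADERS drops the reflection finding to High, which is the CSP consideration of step 6; entity-encoding the reflected probe removes it entirely.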

Expected Findings

Finding                                  Severity
Reflected XSS (no CSP)                   Critical
Server-Side Template Injection (SSTI)    Critical
Reflected XSS (with protections)         High
Unfiltered payload in response           High
Potential DOM-based XSS                  Medium