[1/6]  Level 1: Hello, world of XSS

Mission Description

This level demonstrates a common cause of cross-site scripting where user input is directly included in the page without proper escaping.

Interact with the vulnerable application window below and find a way to make it execute JavaScript of your choosing. You can take actions inside the vulnerable window or directly edit its URL bar.

Mission Objective

Inject a script to pop up a JavaScript alert() in the frame below.

Once you show the alert you will be able to advance to the next level.
Advance to next level >>

Your Target


Target code (toggle)

Hints 0/3 (show)

  1. 1. To see the source of the application you can right-click on the frame and choose View Frame Source from the context menu or use your browser's developer tools to inspect network traffic.
  2. 2. What happens when you enter a presentational tag such as <h1>?
  3. 3. Alright, one last hint: <script> ... alert ...