XSS-With-Kurukshetra on Raghunath Gopinath

XSS-With-Kurukshetra on Raghunath Gopinath https://raghu.io/tags/xss-with-kurukshetra/ Recent content in XSS-With-Kurukshetra on Raghunath Gopinath Hugo -- gohugo.io en hello@raghu.io (Raghunath Gopinath) hello@raghu.io (Raghunath Gopinath) © 2026 Raghunath Gopinath Mon, 02 Feb 2026 22:47:55 +0530 XSS Explained - Learn cross-site scripting with examples https://raghu.io/xss-explained-learn-cross-site-scripting-with-examples/ Fri, 25 Nov 2022 11:35:43 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-explained-learn-cross-site-scripting-with-examples/ Challenge 1 - Stored cross-site scripting attack https://raghu.io/challenge-1-stored-cross-site-scripting-attack/ Tue, 13 Dec 2022 05:43:59 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/challenge-1-stored-cross-site-scripting-attack/ Challenge 2 - Reflected cross-site scripting attack https://raghu.io/challenge-2-reflected-cross-site-scripting-attack/ Wed, 04 Jan 2023 15:29:55 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/challenge-2-reflected-cross-site-scripting-attack/ Challenge 3 - XSS bypass blacklist HTML tags https://raghu.io/challenge-3-xss-bypass-blacklist-html-tags/ Fri, 13 Jan 2023 05:21:34 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/challenge-3-xss-bypass-blacklist-html-tags/ Challenge 14: XSS bypass blacklisted JS function https://raghu.io/xss-bypass-blacklisted-js-function-challenge-14/ Tue, 21 Mar 2023 06:30:20 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-bypass-blacklisted-js-function-challenge-14/ This article goes into depth discussing an alternative JavaScript function, namely "confirm()". It serves as an alternative for the JavaScript "alert()" function when the latter is unavailable. Challenge 13: XSS in HTML Anchor Tag https://raghu.io/xss-in-html-anchor-tag/ Thu, 16 Mar 2023 06:52:55 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-in-html-anchor-tag/ Check out how a security risk can arise from an improperly configured dynamic link generation tag and which can result in XSS exploitation. Challenge 12: XSS CSP bypass through remote payload https://raghu.io/xss-csp-bypass-remote-payload-challenge-12/ Sat, 11 Mar 2023 06:30:06 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-csp-bypass-remote-payload-challenge-12/ Learn how to bypass a misconfigured CSP policy and how it can lead to the successful exploitation of cross-site scripting vulnerability. Challenge 11: XSS CSP bypass through an inline script https://raghu.io/xss-csp-bypass-through-inline-script-challenge-11/ Sat, 04 Mar 2023 06:30:48 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-csp-bypass-through-inline-script-challenge-11/ Learn how a misconfigured CSP can be bypassed, potentially leading to the successful exploitation of cross-site scripting vulnerability. Challenge 10: XSS bypass backslash escape https://raghu.io/xss-bypass-backslash-escape-challenge-10/ Tue, 28 Feb 2023 06:30:15 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-bypass-backslash-escape-challenge-10/ Check out how the XSS can be exploited in the HTML <div> tags and learn more about <img> tag-based XSS payload. Challenge 9: XSS in the hidden input field https://raghu.io/xss-in-hidden-input-field-challenge-9/ Fri, 24 Feb 2023 06:42:44 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-in-hidden-input-field-challenge-9/ Check out how the XSS can also be exploited in hidden input parameter fields with examples. Challenge 8: XSS bypass improper output encoding https://raghu.io/xss-bypass-improper-output-encoding-challenge-8/ Mon, 20 Feb 2023 04:45:53 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-bypass-improper-output-encoding-challenge-8/ Learn how the partially implemented HTML output encoding can be bypassed for exploiting XSS vulnerability using the HTML5 attributes Challenge 7: XSS in a dropdown list https://raghu.io/xss-in-dropdown-list-challenge-7/ Fri, 10 Feb 2023 05:40:27 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-in-dropdown-list-challenge-7/ Learn how the XSS vulnerability can be found in other params even though it is not editable by the browser using the BurpSuite Proxy tool Challenge 6: XSS Bypass Client-Side Blacklist Validation https://raghu.io/xss-bypass-client-side-blacklist-validation-challenge-6/ Mon, 06 Feb 2023 11:22:01 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-bypass-client-side-blacklist-validation-challenge-6/ Learn why client-side validation cannot be trusted all the time and how it can be tampered with by using BurpSuite as a proxy for exploiting XSS Challenge 5: XSS bypass Client-Side Length Limit https://raghu.io/xss-bypass-client-side-length-limit-challenge-5/ Thu, 02 Feb 2023 05:48:16 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-bypass-client-side-length-limit-challenge-5/ Learn why client-side validation cannot be trusted all the time and how it can be tampered with by browser debugging tools for exploiting XSS Challenge 4: XSS using HTML attribute https://raghu.io/xss-using-html-attribute-challenge-4/ Wed, 18 Jan 2023 07:29:22 +0000 hello@raghu.io (Raghunath Gopinath) https://raghu.io/xss-using-html-attribute-challenge-4/ Learn how the XSS payload can be crafted using HTML5 event attributes rather than using the classic <script> tag