hacking, owasp, web application security

OWASP Hackademic Challenges Project – Challenge 3

Another day, another challenge… What’s the topic today? Cross-Site Scripting (XSS)!

Scenario below:

XSS permits a malevolent user to inject his own code in vulnerable web pages. According to the OWASP 2010 Top 10 Application Security Risks, XSS attacks rank 2nd in the “most dangerous” list.

Your objective is to make an alert box appear HERE bearing the message: “XSS!”.


Entering the challenge we see the following –


Looking at the page source, we noticed that there is a POST method.


The POST method is used to send data to the server, which may pass it on to a database, another file, or an API (Application Programming Interface).

Going to Google – I found a link from OWASP that describes the common ways to test for Cross-Site Scripting (XSS).

Trying one of the items in the web page – <script>alert("XSS!");</script> – I get the following:



We were able to trigger XSS on the web page successfully.

Lessons learned:

As web developers, we need to make sure that every input field is validated. Validation lets us disallow invalid characters (in this case, the script tags) so that our website is not susceptible to XSS.
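The lesson above as an added example (not code from the original post or from the Hackademic project): a Python sketch of a handler that echoes a POSTed field, showing the unencoded version beside one that combines allow-list validation with HTML output encoding. The field name `name`, the template, and the allowed character set are assumptions.

```python
import html
import re

# Constructed stand-in for a page that echoes a POSTed field back to the user.
TEMPLATE = "<p>Hello, {name}!</p>"

# The script-tag input from the write-up above.
PAYLOAD = '<script>alert("XSS!");</script>'

# Assumed allow-list: what a legitimate value may contain, not what an attack looks like.
NAME_RE = re.compile(r"[A-Za-z0-9 .,'-]{1,40}")


def render_vulnerable(name):
    """Echo the field unchanged: markup in the input becomes markup in the page."""
    return TEMPLATE.format(name=name)


def render_encoded(name):
    """Encode for the HTML body context so the browser shows the input as text."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


def validate_name(name):
    """Accept the value only if every character is on the allow-list."""
    return NAME_RE.fullmatch(name) is not None


def handle_post(form):
    """Hardened handler: reject invalid input, then encode what is echoed."""
    name = form.get("name", "")
    if not validate_name(name):
        return 400, "<p>Invalid input.</p>"
    return 200, render_encoded(name)


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))        # script element reaches the browser
    print(render_encoded(PAYLOAD))           # same input, rendered as inert text
    print(handle_post({"name": PAYLOAD}))    # rejected by validation
    print(handle_post({"name": "O'Brien"}))  # allowed by validation, still encoded
```

The apostrophe case shows why encoding stays on even when validation passes: a character that a legitimate value needs is allowed through, and the encoder still keeps it from being interpreted as markup.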

1 thought on “OWASP Hackademic Challenges Project – Challenge 3”

  1. Hi! I can’t see the text in the screenshots. It’s a bit unclear. This is what I see:


    and when I try it I don’t get anything. What am I missing?
