Back to Home

XSS Labs

Practice and test XSS payloads in controlled environments

Educational Purpose Only: These labs are intentionally vulnerable for learning XSS techniques. Do not use these payloads on systems without authorization.

XSS Challenge Lab

5 Challenges

Multiple XSS scenarios with different filters and bypass techniques. Includes title injection, filtered inputs, character limits, and space restrictions.

Title Injection Filter Bypass Length Limit No Spaces
Launch Lab

Multi-Context Reflection

3 Contexts

Test XSS in different reflection contexts: HTML attributes, JavaScript variables, and raw HTML output. Use parameters p1, p2, p3.

Input Attribute Script Context HTML Body
Launch Lab

Path-Based XSS

URL Path

Practice XSS via URL path injection. The server reflects the request path without sanitization.

PATH_INFO URL Injection
Launch Lab