WebExploitation 24

• Lab - Exploiting XSS to Steal Cookies Mar 20, 2026
• Zzz Challenge Writeup mojoJOJO CTF Feb 9, 2026
• Product Challenge Writeup mojoJOJO CTF Feb 9, 2026
• From Swagger to Secrets- Exploiting an Exposed Heap Dump Feb 5, 2026
• Lab - Reflected XSS with some SVG markup allowed Feb 4, 2026
• Lab - Reflected XSS into HTML context with all tags blocked except custom ones Jan 22, 2026
• Stored DOM XSS Jan 20, 2026
• Reflected XSS into HTML context with most tags and attributes blocked Jan 20, 2026
• Stored XSS into anchor href attribute with double quotes HTML-encoded Jan 19, 2026
• Reflected XSS into attribute with angle brackets HTML-encoded Jan 19, 2026
• Reflected XSS into a JavaScript string with angle brackets HTML encoded Jan 19, 2026
• Reflected DOM XSS Jan 19, 2026
• DOM XSS in jQuery selector sink using a hashchange event Jan 19, 2026
• DOM XSS in document.write sink using source location.search inside a select element Jan 19, 2026
• DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded Jan 19, 2026
• Stored XSS into HTML context with nothing encoded Jan 18, 2026
• DOM XSS in jQuery anchor href attribute sink using location.search source Jan 18, 2026
• DOM XSS in innerHTML sink using source location.search Jan 18, 2026
• DOM XSS in document.write sink using source location.search Jan 18, 2026
• Reflected XSS into HTML context with nothing encoded Jan 17, 2026
• XSS:From Browser Parsing to Exploitation Dec 1, 2025
• Monster Cookie Secret Recipe PicoCTF Challenge Writeup Nov 14, 2025
• Spookifier challenge writeup HTB Nov 13, 2025
• Flagcommand challenge writeup HTB Nov 13, 2025