Basic XSS Challenge

Welcome to your first XSS challenge! In this exercise, you’ll need to find and exploit a cross-site scripting vulnerability in a simple web application.

Challenge Description

You’ve been given access to a simple message board application. Your goal is to inject JavaScript code that will execute when the page loads, demonstrating a successful XSS attack.

Objective

Find a way to make an alert box appear with the message “XSS Successful!” when the page loads.

The Application

<div class="message-board">
  <h2>Welcome to our Message Board</h2>
  
  <div class="form">
    <input type="text" id="username" placeholder="Your name">
    <textarea id="message" placeholder="Your message"></textarea>
    <button id="submit">Post Message</button>
  </div>
  
  <div class="messages" id="messages">
    <!-- Messages will appear here -->
  </div>
</div>

<script>
  document.getElementById('submit').addEventListener('click', function() {
    const username = document.getElementById('username').value;
    const message = document.getElementById('message').value;
    
    if(username && message) {
      addMessage(username, message);
      document.getElementById('username').value = '';
      document.getElementById('message').value = '';
    }
  });
  
  function addMessage(username, message) {
    const messagesDiv = document.getElementById('messages');
    const messageElement = document.createElement('div');
    messageElement.className = 'message';
    messageElement.innerHTML = `
      <strong>${username}</strong>: ${message}
    `;
    messagesDiv.appendChild(messageElement);
  }
  
  // Load some initial messages
  addMessage('Admin', 'Welcome to our secure message board!');
  addMessage('User1', 'Hi everyone!');
</script>

Submission

To complete this challenge, you need to:

1. Identify the vulnerability in the code
2. Craft a payload that will trigger an alert with the message “XSS Successful!”
3. Submit your solution in the form below

Good luck!