This repository documents my hands-on practice with web application security vulnerabilities using safe, legal labs.
- Reflected XSS (JavaScript context)
  - Understanding how user input flows into client-side code
  - Identifying vulnerable sinks in HTML and JavaScript
  - Crafting payloads to trigger controlled JavaScript execution
- Platform: Web Security Labs (practice environment)
- OS: Kali Linux (via WSL)
- Tools used:
  - Browser DevTools
  - curl
  - Manual payload testing
- Encoding alone does not guarantee safety: output has to be encoded for the exact context it lands in, and HTML-encoding does nothing for input that lands inside a script
- Context matters more than filters: a filter that strips or encodes angle brackets stops `<img onerror=...>` but not a quote or backslash that closes a JavaScript string literal
- JavaScript string contexts are especially dangerous if mishandled: one unescaped `'` or `\` lets the rest of the input run as code (for example `\'-alert(1)//` against a sink that escapes `'` but not `\`)
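The following is an added example, not code from the lab platform or this repository's own notes. It models the reflected XSS sink from the lab above (user input reflected into `var searchTerms = '...';` inside an inline script) and shows the three takeaways concretely: a sink that HTML-encodes angle brackets and backslash-escapes single quotes still breaks on the constructed payload `\'-alert(1)//`, while a sink that serialises the value with `JSON.stringify` plus `<`, `>`, `&` and U+2028/2029 escapes does not. The function names, the `searchTerms` variable and the two payloads are assumptions made for the example; the `execute` helper runs the generated script with a stubbed `alert` so the breakout can be observed offline in Node.

```javascript
// Added example: reflected XSS into a JavaScript string context, one
// vulnerable and one hardened serialiser for the same sink. Names and
// payloads are constructed for this example, not taken from any lab.

// Encodes the characters that matter in an HTML text context.
function htmlEncode(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Vulnerable serialiser: HTML-encodes, then escapes ' as \' but leaves
// a literal backslash alone, so the input \' becomes \\' and the second
// backslash is consumed by the first, leaving the ' to close the string.
function vulnerableJsString(term) {
  return "'" + htmlEncode(term).replace(/'/g, "\\'") + "'";
}

// Hardened serialiser: JSON.stringify escapes quotes, backslashes and
// control characters; the extra replacements stop a "</script>" breakout
// inside the script block and handle U+2028/2029, which older engines
// treat as line terminators inside a string literal.
function safeJsString(term) {
  return JSON.stringify(term)
    .replace(/</g, '\\u003c').replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028').replace(/\u2029/g, '\\u2029');
}

// The sink: the reflected term is dropped into an inline script.
function renderInlineScript(term, toJsString) {
  return 'var searchTerms = ' + toJsString(term) + ';';
}

// Runs the generated script in a function scope with a stubbed alert(),
// returning whether alert fired and what searchTerms ended up holding.
function execute(scriptBody) {
  let alertCalled = false;
  const alertStub = () => { alertCalled = true; return 0; };
  const fn = new Function('alert', scriptBody + '\nreturn searchTerms;');
  const searchTerms = fn(alertStub);
  return { alertCalled, searchTerms };
}

// Constructed payloads: a tag-based one that the angle-bracket encoding
// defeats, and the string-breakout one that it does not.
const PAYLOAD_HTML = '</script><img src=x onerror=alert(1)>';
const PAYLOAD_BACKSLASH = "\\'-alert(1)//";

// Runs every payload through both sinks and collects the outcomes.
function demo() {
  const payloads = { html: PAYLOAD_HTML, backslash: PAYLOAD_BACKSLASH };
  const results = {};
  for (const [name, payload] of Object.entries(payloads)) {
    results[name] = {
      vulnerable: execute(renderInlineScript(payload, vulnerableJsString)),
      safe: execute(renderInlineScript(payload, safeJsString)),
    };
  }
  return results;
}

// node this_file.js prints which sink fired alert() for which payload.
for (const [name, r] of Object.entries(demo())) {
  console.log(name, 'vulnerable alert:', r.vulnerable.alertCalled,
              '| safe alert:', r.safe.alertCalled);
}
```

The interesting line in the output is the `backslash` payload against the vulnerable sink: the generated source is `var searchTerms = '\\'-alert(1)//';`, which the engine parses as a one-character string, a subtraction that calls `alert`, and a trailing comment. The same payload through `safeJsString` round-trips to the original text because the backslash itself is escaped, which is the whole point of serialising for the JavaScript context rather than the HTML one.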
All testing was performed on intentionally vulnerable labs for educational purposes only.
No real-world systems were targeted.
✨ More labs will be added as I continue learning web security.