Changelog v0.2 :
- Added custom blacklisting options
- Removed one-off blacklisting options
- Removed persistent XSS page
- Changed reflected XSS page to just XSS page
- Added persistent option to XSS page
- Added pxss.html file to tree to fix bug
- Added two challenges
XSSmh is a configurable Cross-Site Scripting injection testbed. XSSmh allows you to exploit Cross-Site Scripting flaws, but furthermore allows a large amount of control over the manifestation of the flaws.
XSSmh is based on the idea of SQLol, an earlier release which allows for SQL injection exploitation.
Place the XSSmh source files on your Web server and open in a Web browser.