add Xss-challenge-tour

README.md

@@ -50,7 +50,7 @@ cd vulstudy
 docker-compose up -d #启动容器
 docker-compose stop #停止容器
 ```
-![主界面](doc/vulstudy.jpg)
+![主界面](doc/vulstudy.png)
 
 ## 0x3 FAQ
 **1.第一次启动bWAPP容器访问其主页会报错如下：**

XSS-challenge-tour/Dockerfile

@@ -0,0 +1,9 @@
+FROM php:5.5-apache
+
+MAINTAINER c0ny1 <root@gv7.me>
+
+# set DirectoryIndex:index.htm
+COPY docker-php.conf /etc/apache2/conf-enabled/
+
+RUN rm -rf /var/www/html/*
+ADD ./src/ /var/www/html/

XSS-challenge-tour/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '2'
+services:
+ web:
+   #build: .
+   image: c0ny1/xssed:latest
+   ports:
+     - "80:80"

XSS-challenge-tour/docker-php.conf

@@ -0,0 +1,12 @@
+<FilesMatch \.php$>
+        SetHandler application/x-httpd-php
+</FilesMatch>
+
+DirectoryIndex disabled
+DirectoryIndex index.php index.html index.htm
+
+<Directory /var/www/>
+        Options -Indexes
+        AllowOverride All
+</Directory>
+

XSS-challenge-tour/src/chk.js

@@ -0,0 +1,4 @@
+window.alert = function()
+ {
+    confirm("完成的不错！");
+}

XSS-challenge-tour/src/index.php

@@ -0,0 +1,13 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<title>欢迎来到XSS挑战</title>
+</head>
+<body>
+<h1 align=center>欢迎来到XSS挑战</h1>
+<a href=level1.php?name=test><center><img src=index.png></center></a>
+<h2 align=center>点击图片开始你的XSS之旅吧！</h2>
+</body>
+</html>
+
+

XSS-challenge-tour/src/level1.php

@@ -0,0 +1,29 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level2.php?keyword=test"; 
+}
+</script>
+<title>欢迎来到level1</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level1</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["name"];
+echo "<h2 align=center>欢迎用户".$str."</h2>";
+?>
+<center><img src=level1.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str)."</h3>";
+?>
+</body>
+</html>
+
+
+
+

XSS-challenge-tour/src/level10.php

@@ -0,0 +1,36 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level11.php?keyword=good job!"; 
+}
+</script>
+<title>欢迎来到level10</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level10</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+$str11 = $_GET["t_sort"];
+$str22=str_replace(">","",$str11);
+$str33=str_replace("<","",$str22);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form id=search>
+<input name="t_link"  value="'.'" type="hidden">
+<input name="t_history"  value="'.'" type="hidden">
+<input name="t_sort"  value="'.$str33.'" type="hidden">
+</form>
+</center>';
+?>
+<center><img src=level10.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str)."</h3>";
+?>
+</body>
+</html>
+
+

XSS-challenge-tour/src/level11.php

@@ -0,0 +1,36 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level12.php?keyword=good job!"; 
+}
+</script>
+<title>欢迎来到level11</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level11</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+$str00 = $_GET["t_sort"];
+$str11=$_SERVER['HTTP_REFERER'];
+$str22=str_replace(">","",$str11);
+$str33=str_replace("<","",$str22);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form id=search>
+<input name="t_link"  value="'.'" type="hidden">
+<input name="t_history"  value="'.'" type="hidden">
+<input name="t_sort"  value="'.htmlspecialchars($str00).'" type="hidden">
+<input name="t_ref"  value="'.$str33.'" type="hidden">
+</form>
+</center>';
+?>
+<center><img src=level11.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str)."</h3>";
+?>
+</body>
+</html>

XSS-challenge-tour/src/level12.php

@@ -0,0 +1,37 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level13.php?keyword=good job!"; 
+}
+</script>
+<title>欢迎来到level12</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level12</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+$str00 = $_GET["t_sort"];
+$str11=$_SERVER['HTTP_USER_AGENT'];
+$str22=str_replace(">","",$str11);
+$str33=str_replace("<","",$str22);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form id=search>
+<input name="t_link"  value="'.'" type="hidden">
+<input name="t_history"  value="'.'" type="hidden">
+<input name="t_sort"  value="'.htmlspecialchars($str00).'" type="hidden">
+<input name="t_ua"  value="'.$str33.'" type="hidden">
+</form>
+</center>';
+?>
+<center><img src=level12.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str)."</h3>";
+?>
+</body>
+</html>
+

XSS-challenge-tour/src/level13.php

@@ -0,0 +1,38 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level14.php"; 
+}
+</script>
+<title>欢迎来到level13</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level13</h1>
+<?php 
+setcookie("user", "call me maybe?", time()+3600);
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+$str00 = $_GET["t_sort"];
+$str11=$_COOKIE["user"];
+$str22=str_replace(">","",$str11);
+$str33=str_replace("<","",$str22);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form id=search>
+<input name="t_link"  value="'.'" type="hidden">
+<input name="t_history"  value="'.'" type="hidden">
+<input name="t_sort"  value="'.htmlspecialchars($str00).'" type="hidden">
+<input name="t_cook"  value="'.$str33.'" type="hidden">
+</form>
+</center>';
+?>
+<center><img src=level13.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str)."</h3>";
+?>
+</body>
+</html>
+

XSS-challenge-tour/src/level14.php

@@ -0,0 +1,10 @@
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<title>欢迎来到level14</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level14</h1>
+<center><iframe name="leftframe" marginwidth=10 marginheight=10 src="http://www.exifviewer.org/" frameborder=no width="80%" scrolling="no" height=80%></iframe></center><center>这关成功后不会自动跳转。成功者<a href=/xsschallenge/level15.php?src=1.gif>点我进level15</a></center>
+</body>
+</html>

XSS-challenge-tour/src/level15.php

@@ -0,0 +1,22 @@
+<html ng-app>
+<head>
+        <meta charset="utf-8">
+        <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.min.js"></script>
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level16.php?keyword=test"; 
+}
+</script>
+<title>欢迎来到level15</title>
+</head>
+<h1 align=center>欢迎来到第15关，自己想个办法走出去吧！</h1>
+<p align=center><img src=level15.png></p>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["src"];
+echo '<body><span class="ng-include:'.htmlspecialchars($str).'"></span></body>';
+?>
+
+

XSS-challenge-tour/src/level16.php

@@ -0,0 +1,30 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level17.php?arg01=a&arg02=b"; 
+}
+</script>
+<title>欢迎来到level16</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level16</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = strtolower($_GET["keyword"]);
+$str2=str_replace("script","&nbsp;",$str);
+$str3=str_replace(" ","&nbsp;",$str2);
+$str4=str_replace("/","&nbsp;",$str3);
+$str5=str_replace("	","&nbsp;",$str4);
+echo "<center>".$str5."</center>";
+?>
+<center><img src=level16.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str5)."</h3>";
+?>
+</body>
+</html>
+

XSS-challenge-tour/src/level17.php

@@ -0,0 +1,26 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！"); 
+}
+</script>
+<title>欢迎来到level17</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level17</h1>
+<?php
+ini_set("display_errors", 0);
+echo "<embed src=xsf01.swf?".htmlspecialchars($_GET["arg01"])."=".htmlspecialchars($_GET["arg02"])." width=100% heigth=100%>";
+?>
+<h2 align=center>成功后，<a href=level18.php?arg01=a&arg02=b>点我进入下一关</a></h2>
+</body>
+</html>
+
+
+
+
+
+

XSS-challenge-tour/src/level18.php

@@ -0,0 +1,23 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level19.php?arg01=a&arg02=b"; 
+}
+</script>
+<title>欢迎来到level18</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level18</h1>
+<?php
+ini_set("display_errors", 0);
+echo "<embed src=xsf02.swf?".htmlspecialchars($_GET["arg01"])."=".htmlspecialchars($_GET["arg02"])." width=100% heigth=100%>";
+?>
+</body>
+</html>
+
+
+

XSS-challenge-tour/src/level19.php

@@ -0,0 +1,22 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level20.php?arg01=a&arg02=b"; 
+}
+</script>
+<title>欢迎来到level19</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level19</h1>
+<?php
+ini_set("display_errors", 0);
+echo '<embed src="xsf03.swf?'.htmlspecialchars($_GET["arg01"])."=".htmlspecialchars($_GET["arg02"]).'" width=100% heigth=100%>';
+?>
+</body>
+</html>
+
+

XSS-challenge-tour/src/level2.php

@@ -0,0 +1,34 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level3.php?writing=wait"; 
+}
+</script>
+<title>欢迎来到level2</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level2</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form action=level2.php method=GET>
+<input name=keyword  value="'.$str.'">
+<input type=submit name=submit value="搜索"/>
+</form>
+</center>';
+?>
+<center><img src=level2.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str)."</h3>";
+?>
+</body>
+</html>
+
+
+
+

XSS-challenge-tour/src/level20.php

@@ -0,0 +1,21 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level21.php?arg01=a&arg02=b"; 
+}
+</script>
+<title>欢迎来到level20</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level20</h1>
+<?php
+ini_set("display_errors", 0);
+echo '<embed src="xsf04.swf?'.htmlspecialchars($_GET["arg01"])."=".htmlspecialchars($_GET["arg02"]).'" width=100% heigth=100%>';
+?>
+</body>
+</html>
+

XSS-challenge-tour/src/level3.php

@@ -0,0 +1,30 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level4.php?keyword=try harder!"; 
+}
+</script>
+<title>欢迎来到level3</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level3</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>"."<center>
+<form action=level3.php method=GET>
+<input name=keyword  value='".htmlspecialchars($str)."'>
+<input type=submit name=submit value=搜索 />
+</form>
+</center>";
+?>
+<center><img src=level3.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str)."</h3>";
+?>
+</body>
+</html>

XSS-challenge-tour/src/level4.php

@@ -0,0 +1,34 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level5.php?keyword=find a way out!"; 
+}
+</script>
+<title>欢迎来到level4</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level4</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+$str2=str_replace(">","",$str);
+$str3=str_replace("<","",$str2);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form action=level4.php method=GET>
+<input name=keyword  value="'.$str3.'">
+<input type=submit name=submit value=搜索 />
+</form>
+</center>';
+?>
+<center><img src=level4.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str3)."</h3>";
+?>
+</body>
+</html>
+
+

XSS-challenge-tour/src/level5.php

@@ -0,0 +1,33 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level6.php?keyword=break it out!"; 
+}
+</script>
+<title>欢迎来到level5</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level5</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = strtolower($_GET["keyword"]);
+$str2=str_replace("<script","<scr_ipt",$str);
+$str3=str_replace("on","o_n",$str2);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form action=level5.php method=GET>
+<input name=keyword  value="'.$str3.'">
+<input type=submit name=submit value=搜索 />
+</form>
+</center>';
+?>
+<center><img src=level5.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str3)."</h3>";
+?>
+</body>
+</html>
+

XSS-challenge-tour/src/level6.php

@@ -0,0 +1,37 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level7.php?keyword=move up!"; 
+}
+</script>
+<title>欢迎来到level6</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level6</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = $_GET["keyword"];
+$str2=str_replace("<script","<scr_ipt",$str);
+$str3=str_replace("on","o_n",$str2);
+$str4=str_replace("src","sr_c",$str3);
+$str5=str_replace("data","da_ta",$str4);
+$str6=str_replace("href","hr_ef",$str5);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form action=level6.php method=GET>
+<input name=keyword  value="'.$str6.'">
+<input type=submit name=submit value=搜索 />
+</form>
+</center>';
+?>
+<center><img src=level6.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str6)."</h3>";
+?>
+</body>
+</html>
+
+

XSS-challenge-tour/src/level7.php

@@ -0,0 +1,35 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level8.php?keyword=nice try!"; 
+}
+</script>
+<title>欢迎来到level7</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level7</h1>
+<?php 
+ini_set("display_errors", 0);
+$str =strtolower( $_GET["keyword"]);
+$str2=str_replace("script","",$str);
+$str3=str_replace("on","",$str2);
+$str4=str_replace("src","",$str3);
+$str5=str_replace("data","",$str4);
+$str6=str_replace("href","",$str5);
+echo "<h2 align=center>没有找到和".htmlspecialchars($str)."相关的结果.</h2>".'<center>
+<form action=level7.php method=GET>
+<input name=keyword  value="'.$str6.'">
+<input type=submit name=submit value=搜索 />
+</form>
+</center>';
+?>
+<center><img src=level7.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str6)."</h3>";
+?>
+</body>
+</html>

XSS-challenge-tour/src/level8.php

@@ -0,0 +1,39 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level9.php?keyword=not bad!"; 
+}
+</script>
+<title>欢迎来到level8</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level8</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = strtolower($_GET["keyword"]);
+$str2=str_replace("script","scr_ipt",$str);
+$str3=str_replace("on","o_n",$str2);
+$str4=str_replace("src","sr_c",$str3);
+$str5=str_replace("data","da_ta",$str4);
+$str6=str_replace("href","hr_ef",$str5);
+$str7=str_replace('"','&quot',$str6);
+echo '<center>
+<form action=level8.php method=GET>
+<input name=keyword  value="'.htmlspecialchars($str).'">
+<input type=submit name=submit value=添加友情链接 />
+</form>
+</center>';
+?>
+<?php
+ echo '<center><BR><a href="'.$str7.'">友情链接</a></center>';
+?>
+<center><img src=level8.jpg></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str7)."</h3>";
+?>
+</body>
+</html>

XSS-challenge-tour/src/level9.php

@@ -0,0 +1,46 @@
+<!DOCTYPE html><!--STATUS OK--><html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=utf-8">
+<script>
+window.alert = function()  
+{     
+confirm("完成的不错！");
+ window.location.href="level10.php?keyword=well done!"; 
+}
+</script>
+<title>欢迎来到level9</title>
+</head>
+<body>
+<h1 align=center>欢迎来到level9</h1>
+<?php 
+ini_set("display_errors", 0);
+$str = strtolower($_GET["keyword"]);
+$str2=str_replace("script","scr_ipt",$str);
+$str3=str_replace("on","o_n",$str2);
+$str4=str_replace("src","sr_c",$str3);
+$str5=str_replace("data","da_ta",$str4);
+$str6=str_replace("href","hr_ef",$str5);
+$str7=str_replace('"','&quot',$str6);
+echo '<center>
+<form action=level9.php method=GET>
+<input name=keyword  value="'.htmlspecialchars($str).'">
+<input type=submit name=submit value=添加友情链接 />
+</form>
+</center>';
+?>
+<?php
+if(false===strpos($str7,'http://'))
+{
+  echo '<center><BR><a href="您的链接不合法？有没有！">友情链接</a></center>';
+        }
+else
+{
+  echo '<center><BR><a href="'.$str7.'">友情链接</a></center>';
+}
+?>
+<center><img src=level9.png></center>
+<?php 
+echo "<h3 align=center>payload的长度:".strlen($str7)."</h3>";
+?>
+</body>
+</html>

docker-compose.yml

@@ -59,6 +59,11 @@ services:
   ports:
    - "88:80"
 
+ Xss_challenge_tour:
+  image: c0ny1/xss-challenge-tour:latest
+  ports:
+   - "8091:80"
+
  dsvw:
   image: c0ny1/dsvw:v0.1m
   ports:

www/index.css

@@ -29,7 +29,7 @@ td{
 
 #Box {
   max-width          : 800px;
-  max-height         : 600px;
+  /*max-height         : 600px;*/
   background-color   : rgba(255, 255, 255, .7);
   margin-left        : auto;
   margin-right       : auto;

www/index.html

@@ -17,7 +17,7 @@
 
 <body style="background-color: #2e3030;"> 
 
-<div style="width:240px;height:50px;margin: 0 auto;border: 0px solid #000000;">
+<div style="width:240px;height:100px;margin: 0 auto;border: 0px solid #000000;">
 <a href="http://github.com/c0ny1/vulstudy" style="text-decoration:none;" target="view_window"><h1 style="color: #fbcc04;font-size: 60px;">vulstudy</h1></a>
 </div>
 
@@ -121,6 +121,13 @@
           <td>综合</td>
           <td>Spider Labs</td>
           <td>php</td>
+        </tr>
+		<tr onClick="openURL(':8091/')">
+          <th scope="row" style="text-align: center;">13</th>
+          <td>XSS挑战之旅</td>
+          <td>XSS</td>
+          <td>未知</td>
+          <td>php</td>
         </tr>
       </tbody>
     </table>