Click here to Start the Test - JS demo.

Click here to Start the Test - Split JS demo.

Click here to Start the Test - Fake page JS demo.

Click here to Start the Test - Redirect to fake CNN page.

Click here to Start the Test - Link.

Click here to Start the Test - External Script - Redirect Demo .

Click here to Start the Test - External Script - CNN Demo .

Click here to Start the Test - Deeper XSS

Test Case / Demonstration

The test will try to open a page with a spoofed address bar of "http://www.google.com/".

Start the test
1)
Follow the link below and click the "Refresh the page" link (may change for different language versions) on the standard Internet Explorer error page that will appear.

2)
Click here to Start the Test.


Result
You are vulnerable, if a default Internet Explorer error page appears with a link, which if clicked, results in a spoofed Google.com page.

You are not vulnerable to this particular exploit, if you do not experience the above behaviour.


Credits
The test is based on Proof of Concept code by Aviv Raff