WEBVERSE

medium · Reflected XSS · Pro

Rill

Volunteer sign-up with a 24-character cap on search queries. Safer, right?

The Scenario

Rill is a creek-conservation volunteer network. Their sign-up search has a 24-character cap because the dev heard "shorter queries are safer." There's no other filter.

Challenge Intel

Synopsis

Your payload must fit in 24 characters. It can.

What It Is

A Flask volunteer-search page that truncates input to 24 chars and reflects it raw.

Who It's For

Someone who wants a taste of XSS payload golf.

Skills You'll Practice

  • SVG short-form payloads
  • Self-closing tag shorthand
  • Writing XSS under a byte budget

What You'll Gain

  • Fluency with compact XSS payloads
  • Awareness that length limits aren't defences
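Why the cap is not a defence, shown from the fixing side. This is an added example, not the challenge's source code: the function names are hypothetical, the inputs are constructed harmless markup, and the standard library's html.escape stands in for whatever output encoding the real page would use.

```python
import html

MAX_QUERY_LEN = 24  # the cap the page describes


def reflect_raw(query: str) -> str:
    """The pattern described above: truncate, then reflect unchanged."""
    return query[:MAX_QUERY_LEN]


def reflect_escaped(query: str) -> str:
    """Fix: keep the cap if wanted, but HTML-encode at the point of output.

    Truncation happens first so an entity is never cut in half.
    """
    return html.escape(query[:MAX_QUERY_LEN], quote=True)


def escape_then_truncate(query: str) -> str:
    """Wrong order, for contrast: can leave a dangling partial entity."""
    return html.escape(query, quote=True)[:MAX_QUERY_LEN]


def has_live_markup(fragment: str) -> bool:
    """True if the fragment still holds characters the browser treats as markup."""
    return any(c in fragment for c in "<>\"'")


# Constructed sample inputs (benign formatting tags, not attack strings).
SAMPLES = ["creek cleanup", "<b>hi</b>", "<i>" + "x" * 40, "a" * 22 + "<b>"]

if __name__ == "__main__":
    for s in SAMPLES:
        raw, safe = reflect_raw(s), reflect_escaped(s)
        print(f"{s[:30]!r:34} raw_live={has_live_markup(raw)} "
              f"escaped_live={has_live_markup(safe)}")
```

The cap only changes how much markup arrives, not whether it is interpreted; encoding on output is what removes it. In Flask, rendering the value through a Jinja2 template with autoescaping on gives the same result as reflect_escaped.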
