This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from
To solve this lab, perform a cross-site scripting attack that calls the
As we can see here, an innerHTML sink is used.
Checking the BurpAcademy DOM-based cross-site scripting documentation:
innerHTML sink doesn’t accept script elements on any modern browser, nor will svg onload events fire. This means you will need to use alternative elements like iframe. Event handlers such as onerror can be used in conjunction with these elements. For example:
element.innerHTML='... <img src=1 onerror=alert(document.domain)> ...'
If we then try:
'><img src=1 onerror=alert(document.domain)>
Lab is solved!
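The fix for the sink described above, as an added example that is not the lab's own code: the search term is written with textContent, or HTML-escaped when it must be placed into markup, so it is never parsed as HTML. The query parameter name `search`, the element id `searchMessage` and all function names are assumptions.

```javascript
// Added example, not the lab's code. The parameter name "search" and the
// element id "searchMessage" are assumptions made for illustration.

// Input string taken from the write-up above, used to compare both paths.
const PAGE_INPUT = "'><img src=1 onerror=alert(document.domain)>";

// Read the search term from a query string such as location.search.
function getSearchTerm(queryString) {
  return new URLSearchParams(queryString).get('search') || '';
}

// Vulnerable pattern: the term is concatenated into markup that is later
// assigned to innerHTML, so any tags in it become real elements.
function buildMarkupUnsafe(term) {
  return '<span>' + term + '</span>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened markup path: the term can only ever render as text.
function buildMarkupSafe(term) {
  return '<span>' + escapeHtml(term) + '</span>';
}

// Preferred fix: textContent never parses its value as HTML.
function showSearchTerm(element, term) {
  element.textContent = term;
}

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== 'undefined' && typeof location !== 'undefined') {
  const target = document.getElementById('searchMessage');
  if (target) {
    showSearchTerm(target, getSearchTerm(location.search));
  }
}
```
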