Introduction to DOM XSS in document.write sink using source location.search inside a select element
DOM-based cross-site scripting (XSS) is a web security vulnerability in which untrusted data is written into the DOM without proper validation or encoding, allowing an attacker to execute arbitrary script in the victim’s browser. In this lab the source is location.search and the sink is document.write. To mitigate DOM XSS, developers must validate, sanitize, and encode user-controlled data before it reaches a DOM sink.
Lab Solution | Practical Work Time: DOM XSS in document.write
This lab contains a DOM-based cross-site scripting vulnerability in the stock checker functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.search, which you can control using the website URL. The data is enclosed within a select element.

To solve this lab, perform a cross-site scripting attack that breaks out of the select element and calls the alert function.
Stepwise solution of the lab:
After accessing the lab, you can see there are lots of products. Have a look.
Without any delay, let’s click on any of them (click on View details).
I clicked on it, so let’s scroll down to look for any functionality that could lead to DOM XSS (cross-site scripting).
Here we can see a select (drop-down) element whose value might be controllable. Let’s inspect it with the browser Dev Tools.
Note that I pointed my cursor at London, which is why it directly shows the exact parameter. So keep in mind that we can use “storeId” as the parameter. Now we have to look at the JavaScript code; if it is present, we can see how the parameter is used.
As you can see, it is there, so let’s try the “storeId” parameter we found earlier. Since, as mentioned, the value lands inside a select element, the payload has to close that element first:
"></select><img%20src=1%20onerror=alert(1)>
So we solved this lab very easily. Below you can see what was reflected into the page before and after sending the payload. Take a moment to analyse it yourself: compare the before and after in Dev Tools (Inspect Element). 🙂
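As an added example (not the lab’s own source and not the author’s code), here is the vulnerable pattern the lab describes beside a hardened version, written as pure string builders so it runs in Node without a browser; the store names, query strings and function names (renderStoreSelectUnsafe, renderStoreSelectSafe, markupIsIntact) are constructed for illustration.

```javascript
// Added example, not the lab's own source: models the pattern the lab
// describes (location.search -> document.write inside a <select>) as pure
// string builders so it runs under Node without a browser DOM.
const STORES = ["London", "Paris", "Milan"]; // constructed sample data

// Vulnerable: storeId is concatenated into the markup unchanged, so a value
// containing "></select> closes the element and the rest becomes new tags.
function renderStoreSelectUnsafe(search) {
  const store = new URLSearchParams(search).get("storeId");
  let html = '<select name="storeId">';
  if (store) html += "<option selected>" + store + "</option>";
  for (const s of STORES) {
    if (s !== store) html += "<option>" + s + "</option>";
  }
  return html + "</select>";
}

// Minimal HTML entity encoding for text placed between tags.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Hardened: only a known store may be pre-selected (allowlist) and every
// value written into the markup is encoded. In a real page, build the
// element with document.createElement/textContent instead of document.write.
function renderStoreSelectSafe(search) {
  const requested = new URLSearchParams(search).get("storeId");
  const store = STORES.includes(requested) ? requested : null;
  let html = '<select name="storeId">';
  for (const s of STORES) {
    html += "<option" + (s === store ? " selected" : "") + ">" +
      escapeHtml(s) + "</option>";
  }
  return html + "</select>";
}

// True when the markup contains only select/option tags, i.e. nothing
// was injected. Useful as a regression check for this sink.
function markupIsIntact(html) {
  const tags = html.match(/<\/?[a-zA-Z]+/g) || [];
  return tags.every((t) => /^<\/?(select|option)$/.test(t));
}
// Constructed inputs: a benign query string and the lab's breakout payload.
const BENIGN = "?productId=1&storeId=Paris";
const BREAKOUT = '?productId=1&storeId="></select><img%20src=1%20onerror=alert(1)>';

console.log(markupIsIntact(renderStoreSelectUnsafe(BREAKOUT)), markupIsIntact(renderStoreSelectSafe(BREAKOUT)));
```

Run with node: the unsafe renderer reports false for the breakout payload (an img tag was injected) while the hardened renderer reports true and simply ignores the unknown store.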
Well, that’s the end of this lab.
I hope you enjoyed reading this article. After completing it, we highly recommend studying the next one: DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded. Please don’t forget to leave a comment here and share it with your friends. Good luck!
Thank you for reading. If this article helped you, do share it with your mates.
And follow @masaudsec on Twitter.
FAQs
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.