Introduction

An attack that uses the href attribute of an anchor element in jQuery to inject and run malicious code within the Document Object Model (DOM) is known as DOM XSS in jQuery anchor href attribute sink utilizing location.search source. The URL’s query string arguments are the attack’s source, and the attacker can change them to insert malicious code by using the location.search property.

Lab Solutions | Practical Work Time DOM XSS in jQuery anchor

This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library’s $ selector function to find an anchor element, and changes its href attribute using data from location.search.

To solve this lab, make the “back” link alert document.cookie.

Stepwise Solution of the lab

After accessing the lab you can see there are lots of posts. (Scroll down a little bit)

But in this lab, here we’ve to do differently. So for that back to the top and click on ‘Submit Feedback’.

In this lab, put any random alphanumeric string. For that, we are going to use ‘wxyz1234’.

After entering, that let’s search ‘wxyz1234’ on Dev Tools.

As we pished an alphanumeric string on the URL, On the query parameter returnPath that is showing in the attribute tag. For these cases, we can try this payload to get an easy DOM cross-site scripting (XSS).

javascript:alert(1)

After putting this payload, we’ve to click on ‘Back’ button to see if is it reflected or not.

Successfully, we got what we wanted and the lab DOM XSS in jQuery anchor href attribute sink using location.search source has been solved.

I hope you had loved reading this article after you had completed this article we highly recommend you to study the next article: DOM XSS in jQuery selector sink using a hashchange event, please don’t forget to leave a comment over here and share it with your friends as well, Good Luck!

Thank you for reading, if this article really helps you then do share it with your mates.
And follow @masaudsec on Twitter.