An attack that uses the href attribute of an anchor element in jQuery to inject and run malicious code within the Document Object Model (DOM) is known as DOM XSS in jQuery anchor href attribute sink utilizing location.search source. The URL’s query string arguments are the attack’s source, and the attacker can change them to insert malicious code by using the location.search property.
Lab Solutions | Practical Work Time DOM XSS in jQuery anchor
This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library’s
$ selector function to find an anchor element, and changes its
href attribute using data from
To solve this lab, make the “back” link alert
Stepwise Solution of the lab
After accessing the lab you can see there are lots of posts. (Scroll down a little bit)
But in this lab, here we’ve to do differently. So for that back to the top and click on ‘Submit Feedback’.
In this lab, put any random alphanumeric string. For that, we are going to use ‘wxyz1234’.
After entering, that let’s search ‘wxyz1234’ on Dev Tools.
As we pished an alphanumeric string on the URL, On the query parameter
returnPath that is showing in the attribute tag. For these cases, we can try this payload to get an easy DOM cross-site scripting (XSS).
After putting this payload, we’ve to click on ‘Back’ button to see if is it reflected or not.
Successfully, we got what we wanted and the lab DOM XSS in jQuery anchor href attribute sink using location.search source has been solved.
I hope you had loved reading this article after you had completed this article we highly recommend you to study the next article: DOM XSS in jQuery selector sink using a hashchange event, please don’t forget to leave a comment over here and share it with your friends as well, Good Luck!
Thank you for reading, if this article really helps you then do share it with your mates.
And follow @masaudsec on Twitter.
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.
Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.