Introduction: What is DOM XSS and What are Prototype Pollution Attacks?
Lab Solutions | Practical Work Time
This lab is vulnerable to DOM XSS via client-side prototype pollution. To solve the lab:
- Find a source that you can use to add arbitrary properties to the global
- Combine these to call
Stepwise Solution of the Lab
After accessing the lab, I hope you opened Burp Suite and turned on Intercept too. 🙂
First, open the ‘Console’ on the page where you have to solve the lab. Then write
And press Enter. Expand the output: nothing in it tells you much yet, right?
Now go back to the tab, put the payload “/?__proto__[xyz]=bar” in the URL, and press Enter.
Now do the same as before: go to the ‘Console’ and execute
Object.prototype. You can see that the property you typed, xyz, now shows up there, with the value you typed, ‘bar’.
This means you’ve successfully found a prototype pollution source.
Now go back to Burp Suite and check the ‘Target’ section. Expand the tree and you will find an entry named ‘js’.
Open ‘js’ and you can see two files named ‘deparam.js’ and ‘searchLogger.js’. Send both to ‘Repeater’.
We send both to Repeater to check the responses; looking there, we find ‘transport_url’.
Let’s solve it in one go now. For that, you have to use this payload:
Here we go: the lab has been solved.
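As an added example (not code from the lab or from this article's author), the sketch below shows why the “/?__proto__[xyz]=bar” check above works against a naive nested-key query parser, and how a hardened parser stops it. The parsers and all function names are assumptions written for illustration; the lab's deparam.js is not reproduced here.

```javascript
// Added illustration; NOT the lab's deparam.js. All function names are hypothetical.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// "a[b][c]" -> ["a", "b", "c"]
const keyPath = (rawKey) => rawKey.split(/[\[\]]+/).filter(Boolean);

// Naive nested-key parser. Reading node["__proto__"] returns Object.prototype,
// so the final assignment lands on the prototype shared by every object.
function parseUnsafe(query) {
  const out = {};
  for (const [k, v] of new URLSearchParams(query)) {
    const path = keyPath(k);
    if (!path.length) continue;
    let node = out;
    for (const part of path.slice(0, -1)) {
      if (typeof node[part] !== 'object' || node[part] === null) node[part] = {};
      node = node[part];
    }
    node[path[path.length - 1]] = v;
  }
  return out;
}

// Hardened form: reject prototype-reaching keys and build on null-prototype
// objects, so nothing inherited is ever read or written.
function parseSafe(query) {
  const out = Object.create(null);
  for (const [k, v] of new URLSearchParams(query)) {
    const path = keyPath(k);
    if (!path.length || path.some((p) => BLOCKED.has(p))) continue;
    let node = out;
    for (const part of path.slice(0, -1)) {
      if (typeof node[part] !== 'object') node[part] = Object.create(null);
      node = node[part];
    }
    node[path[path.length - 1]] = v;
  }
  return out;
}

// Run the page's test query through both parsers, then clean up the prototype.
function demo(query = '__proto__[xyz]=bar') {
  parseSafe(query);
  const afterSafe = ({}).xyz;   // a fresh object has no xyz
  parseUnsafe(query);
  const afterUnsafe = ({}).xyz; // a fresh object now inherits xyz
  delete Object.prototype.xyz;
  return { afterSafe, afterUnsafe };
}
console.log(demo());
```

The same key filter belongs in any code that merges or deep-assigns user-controlled keys, not only in query-string parsing.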
Thank you for reading. If this article really helped you, do share it with your mates.
And follow @masaudsec on Twitter.