LAB 5 - DOM XSS in jQuery anchor href attribute sink using location.search source

Initial instructions

This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search.

To complete this lab I used the following XSS payload.

javascript:alert(document.cookie)

If we check the URL, we see it has a parameter, so let's try injecting our payload there.

Congratulations, you solved the lab!
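
The fix for this class of bug is to validate the value before it reaches the href sink. The following is an added example, not code from the lab or the original write-up: it resolves the query parameter the way the browser would and only returns a same-origin http(s) path. The parameter name `returnPath`, the selector `#backLink`, the origin `https://lab.example` and the helper name `safeReturnHref` are assumptions made for illustration.

```javascript
// Added example. Vulnerable pattern described in the lab (names assumed):
//   $('#backLink').attr('href', new URLSearchParams(location.search).get('returnPath'));
// Any scheme is accepted there, so a javascript: URL becomes a clickable script.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a value that is safe to assign to an anchor's href, or `fallback`.
function safeReturnHref(search, origin, fallback = '/') {
  const raw = new URLSearchParams(search).get('returnPath');
  if (raw === null || raw === '') return fallback;

  let url;
  try {
    // Parse with the same WHATWG URL rules the browser applies to an href.
    // The parser lowercases the scheme and strips tabs, newlines and leading
    // spaces, so "JaVaScRiPt:" and "java\tscript:" are recognised here too.
    url = new URL(raw, origin);
  } catch {
    return fallback; // unparseable input never reaches the sink
  }

  // Allowlist the scheme instead of blocklisting "javascript:".
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return fallback;
  // Reject absolute and protocol-relative URLs pointing at another origin.
  if (url.origin !== new URL(origin).origin) return fallback;

  // Hand back only the path part, so the link stays on this site.
  return url.pathname + url.search + url.hash;
}

// Browser usage (not executed here):
//   $('#backLink').attr('href', safeReturnHref(location.search, location.origin));

// Constructed sample inputs, printed when run stand-alone under Node.
const samples = [
  '?returnPath=/feedback',
  '?returnPath=javascript:alert(document.cookie)',
  '?returnPath=java%09script:alert(1)',
  '?returnPath=//other.example/x',
];
for (const s of samples) {
  console.log(s, '->', safeReturnHref(s, 'https://lab.example'));
}
```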