LAB 6 - DOM XSS in jQuery selector sink using a hashchange event¶

Initial instructions¶

This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery's $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.¶

To solve the lab, deliver an exploit to the victim that calls the print() function in their browser.¶

To solve this lab I used the following XSS payload.

<iframe src="https://0a3b004b0416d74480a4c1ca002400a2.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>

What we need to do it go to our exploit server and enter the XSS payload in the body, then we can view the exploit and see that works or send it to the victim.

alt text

After sent we will see that we completed the lab successfully.

alt text

LAB 6 - DOM XSS in jQuery selector sink using a hashchange event¶

Initial instructions¶

This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery's $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.¶

To solve the lab, deliver an exploit to the victim that calls the print() function in their browser.¶

Congratulations, you solved the lab!¶