13.18 Lab: DOM XSS in jQuery selector sink using a hashchange event | 2024
This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery’s $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property. To solve the lab, deliver an exploit to the victim that calls the print() function in their browser | Karthikeyan Nagaraj
2 min readMar 23, 2024
Description
This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery’s $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property. To solve the lab, deliver an exploit to the victim that calls the print() function in their browser.
Solution
- Notice the vulnerable code on the home page using Burp or the browser’s DevTools.
- From the lab banner, open the exploit server.
- In the Body section, add the following malicious
iframe
:<iframe src="https://YOUR-LAB-ID.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>
- Store the exploit, then click View Exploit to confirm that the
print()
function is called. - Go back to the exploit server and click Deliver to victim to solve the lab.
A YouTube Channel for Cybersecurity Lab’s Poc and Write-ups
Telegram Channel for Free Ethical Hacking Dumps
Thank you for Reading!
Happy Ethical Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng