Hello Friends,

I’m Rem01x, and I’m currently preparing for the eWPTX exam, so I will be walking through all PortSwigger labs and writing writeups for all of them.

Let’s Start Now.

Assume that we have this website.


Please notice the submit feedback functionality.


Now, let’s analyze the code.


Notice that the script is trying to get the return path.

Let’s try to find the return path on the main page.


Great, let’s try to inject malicious JavaScript code into it.

JavaScript:alert(document.cookie);


Now press Enter.

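For the fix side of this lab, here is an added example (not the lab's own code and not part of the original writeup) that validates the return path before it is used as a link target, so that a `javascript:` value like the one above falls back to `/`. The parameter name `returnPath`, the function names and the origin `https://shop.example` are assumptions made for the example.

```javascript
// Added example: validate a return path read from the query string before it
// is assigned to a link's href. All names and sample values are constructed.

const FALLBACK = "/";

// Returns a same-origin path that is safe to use as an href, or FALLBACK.
function safeReturnPath(rawValue, pageOrigin) {
  if (typeof rawValue !== "string" || rawValue === "") return FALLBACK;

  let resolved;
  try {
    // Resolve the value the way the browser resolves an href on this page.
    // Parsing (not string matching) also normalises case, leading spaces and
    // embedded tabs/newlines, e.g. "java\tscript:" becomes "javascript:".
    resolved = new URL(rawValue, pageOrigin);
  } catch (e) {
    return FALLBACK;
  }

  // Scheme allowlist: rejects javascript:, data: and anything else.
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") {
    return FALLBACK;
  }

  // Same origin only: rejects "//other.example/..." and absolute off-site URLs.
  if (resolved.origin !== new URL(pageOrigin).origin) return FALLBACK;

  // Hand back only the path, query and fragment.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Reads the (assumed) returnPath parameter out of a query string and validates it.
function returnPathFromQuery(search, pageOrigin) {
  const value = new URLSearchParams(search).get("returnPath");
  return safeReturnPath(value, pageOrigin);
}

// Vulnerable pattern, for comparison (the parameter goes straight into href):
//   backLink.href = new URLSearchParams(location.search).get("returnPath");
// Hardened use in the page:
//   backLink.href = returnPathFromQuery(location.search, location.origin);
```
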