=

03 - DOM XSS in document.write sink using source location.search

This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.search, which you can control using the website URL.

To solve this lab, perform a cross-site scripting attack that calls the alert function.

Given - XSS in search functionality
End goal - call alert function

Start the lab, on hompage there would be a search functionality. If i search for the word hello -

search

After looking in the source code we get that our search keyword is directly getting added into image's href attribute. Now construct the payload that closes the tag and call the function.

source code

Payload - "><script>alert(3)</script>

search

It popped up a alert

popup
Lab solved :
comment
(If you have any type of query / Question / suggestion .. feel free to ask below. We would be happy to connect you. Have a great day buddy!!)