
04 - DOM XSS in innerHTML sink using source location.search

This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search.

To solve this lab, perform a cross-site scripting attack that calls the alert function.

Given: XSS in the blog search, type: DOM-based

End goal: call the alert function


As usual, start the lab and, to get some context, search for any keyword. I searched 'cs':


This time our keyword is reflected inside another tag: a span.


I tried a normal script tag with the alert function, but it doesn't work. Maybe the script tag is not allowed (in fact, browsers do not execute script elements that are inserted through innerHTML). So I used another payload with a different tag and an onload attribute, which means that when that tag gets loaded, the JavaScript inside the onload attribute is executed. The payload is the following:

Payload: <svg onload="alert(4)"></svg>
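As an added illustration (not the lab's code or PortSwigger's), here is a minimal Node-runnable model of the pattern described above: the term taken from location.search is concatenated into markup that would go to innerHTML, next to a hardened version. The parameter name search, the span wrapper and the escapeHtml helper are assumptions for illustration.

```javascript
// Added example, not the lab's own code. The query parameter name "search"
// and the <span> wrapper are assumptions that mirror what the write-up shows.

// Source: pull the user-controlled term out of a location.search string.
function getSearchTerm(locationSearch) {
  return new URLSearchParams(locationSearch).get('search') || '';
}

// Vulnerable sink: the raw term is concatenated into markup that the page
// would assign to innerHTML, so any tags in it become real DOM elements.
// Browsers do not run a <script> element inserted this way, but an
// <svg onload=...> handler fires as soon as the element is parsed, which is
// why the payload above works.
function renderVulnerable(locationSearch) {
  return '<span>' + getSearchTerm(locationSearch) + '</span>';
}

// Hardening: encode the HTML-significant characters before the term reaches
// an HTML context. In a real page, prefer span.textContent = term, which
// never parses the value as markup at all.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function renderSafe(locationSearch) {
  return '<span>' + escapeHtml(getSearchTerm(locationSearch)) + '</span>';
}

// Constructed sample: the write-up's payload, URL-encoded the way a browser
// would send it in the query string.
const SAMPLE_SEARCH =
  '?search=' + encodeURIComponent('<svg onload="alert(4)"></svg>');

console.log('vulnerable:', renderVulnerable(SAMPLE_SEARCH));
// -> <span><svg onload="alert(4)"></svg></span>   (live element, handler runs)
console.log('hardened:  ', renderSafe(SAMPLE_SEARCH));
// -> <span>&lt;svg onload=&quot;alert(4)&quot;&gt;&lt;/svg&gt;</span>   (inert text)
```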


Lab solved.
(If you have any query, question or suggestion, feel free to ask below. We would be happy to connect with you. Have a great day, buddy!)