04 - DOM XSS in innerHTML sink using source location.search
To solve this lab, perform a cross-site scripting attack that calls the alert function.
Given - XSS in search blog, type(DOM)
End goal - call alert function
As usual, start the lab and search for any keyword. I searched 'cs'.
This time our keyword is placed inside another tag.
The script tag is not allowed, so another payload can be: <svg onload="alert(4)"></svg>
Lab solved.
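As an added example (not part of the original write-up or the lab's own code), here is the flow named in the title, location.search into innerHTML, next to two ways to close it. The parameter name "search" and the plain objects standing in for DOM elements are assumptions, so the snippet also runs outside a browser.

```javascript
// Added example, not the lab's own code. Assumptions: the query parameter is
// named "search", and plain objects stand in for DOM elements.

// Read the user-controlled value out of a location.search-style string.
function queryFrom(search) {
  return new URLSearchParams(search).get('search') ?? '';
}

// Vulnerable pattern: the value reaches innerHTML, so any markup in it is
// parsed into live elements, including ones with event-handler attributes.
function renderUnsafe(el, search) {
  el.innerHTML = queryFrom(search);
}

// Fix 1: write the value as text. The browser never parses it as HTML.
function renderAsText(el, search) {
  el.textContent = queryFrom(search);
}

// Fix 2: when the value must sit inside an HTML template, encode it first.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderInTemplate(el, search) {
  el.innerHTML = `<span>Results for ${escapeHtml(queryFrom(search))}</span>`;
}

// Constructed input: the payload from this write-up, URL-encoded.
const sample = '?search=' + encodeURIComponent('<svg onload="alert(4)"></svg>');

// Run all three renderers on the same input and return what each one wrote.
function demo() {
  const unsafe = {}, text = {}, tpl = {};
  renderUnsafe(unsafe, sample);
  renderAsText(text, sample);
  renderInTemplate(tpl, sample);
  return { unsafe, text, tpl };
}
console.log(demo());
```

In a real page the first argument would be the element that displays the search term; only the unsafe variant hands the raw value to the HTML parser.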