=

05 - DOM XSS in jQuery anchor href attribute sink using location.search source

This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search.
To solve this lab, make the "back" link alert document.cookie.

There is a backlink in the url with the parameter name - returnPath , which is getting called when user go back. We can call javascript protocol to run a alert function. payload would be - javascript:alert(document.cookie)

url

(in my case aler(1) also worked)

click on back

Lab solved -
search
(If you have any type of query / Question / suggestion .. feel free to ask below. We would be happy to connect you. Have a great day buddy!!)