
05 - DOM XSS in jQuery anchor href attribute sink using location.search source

This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search.
To solve this lab, make the "back" link alert document.cookie.

Given: XSS in the submit feedback page

End goal: call the alert function


There is a back link at the bottom right of the submit feedback form. Inspect the back link. In the code you will find that the href of the a tag (back) is set from the value of the returnPath URL parameter. This means the value of the returnPath parameter is what the browser navigates to when the user clicks on back. We can use the javascript: protocol to run an alert function. The payload would be:

Payload: javascript:alert(document.cookie)

In my case alert(1) also worked.

Change the value of returnPath and then click on the back link, which is at the bottom right of the submit form.
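The fix for this sink, as an added example that is not code from the lab or from this write-up: the raw returnPath value is compared with a version that only accepts a path on the current origin before it is assigned to href. The function names, the fallback value, the shop.example origin and the selector in the comment are assumptions.

```javascript
// Added example. safeReturnPath, unsafeReturnPath, FALLBACK and the
// shop.example origin are hypothetical; they are not taken from the lab.
const FALLBACK = "/";

// Vulnerable pattern: the raw parameter value becomes the href.
function unsafeReturnPath(search) {
  return new URLSearchParams(search).get("returnPath");
}

// Hardened pattern: accept only a path on the current origin.
function safeReturnPath(search, origin) {
  const raw = new URLSearchParams(search).get("returnPath");
  if (!raw) return FALLBACK;
  // Must start with exactly one "/" (rejects "javascript:", "//host", "/\host").
  if (!/^\/(?![\/\\])/.test(raw)) return FALLBACK;
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return FALLBACK;
  }
  // The URL parser drops tabs and newlines, so re-check after parsing.
  if (url.origin !== origin) return FALLBACK;
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK;
  return url.pathname + url.search + url.hash;
}

// In the page this would feed the sink, e.g. (selector is an assumption):
//   $('#backLink').attr('href', safeReturnPath(location.search, location.origin));

const origin = "https://shop.example"; // constructed sample origin
const samples = [                      // constructed sample query strings
  "?returnPath=/post?postId=3",
  "?returnPath=javascript:alert(document.cookie)",
  "?returnPath=//other.example/x",
  "?returnPath=/%09/other.example",
  "",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeReturnPath(s, origin));
}
```
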

Lab solved -