cyberhub.es

Category: Cross-site scripting

Stored DOM XSS

Description: This lab demonstrates a stored DOM vulnerability in the blog comment functionality. To solve this lab, exploit this vulnerability to call the alert() function. Stored DOM XSS writeup: On entering the lab we see a blog. Inside a post there is a form for submitting comments. This is where the XSS vulnerability will be. Exploring the code […]

Reflected DOM XSS

Description: This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response. A script on the page then processes the reflected data in an unsafe way, ultimately writing it to a dangerous sink. To solve this lab, create an […]

DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded

Description: This lab contains a DOM-based cross-site scripting vulnerability in an AngularJS expression within the search functionality. AngularJS is a popular JavaScript library, which scans the contents of HTML nodes containing the ng-app attribute (also known as an AngularJS directive). When a directive is added to the HTML code, you can execute JavaScript expressions within double curly […]

DOM XSS in document.write sink using source location.search inside a select element

Description: This lab contains a DOM-based cross-site scripting vulnerability in the stock checker functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.search which you can control using the website URL. The data is enclosed within a select element. To solve this lab, perform a cross-site scripting attack […]

Reflected XSS into a JavaScript string with angle brackets HTML encoded

Description: This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets are encoded. The reflection occurs inside a JavaScript string. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function. Reflected XSS into a JavaScript string with angle brackets […]

Stored XSS into anchor href attribute with double quotes HTML-encoded

Description: This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked. Stored XSS into anchor href attribute with double quotes HTML-encoded writeup: On entering the lab we find an online blog: As the lab description indicates, we are going to […]

Reflected XSS into attribute with angle brackets HTML-encoded

Description: This lab contains a reflected cross-site scripting vulnerability in the search blog functionality where angle brackets are HTML-encoded. To solve this lab, perform a cross-site scripting attack that injects an attribute and calls the alert function. Reflected XSS into attribute with angle brackets HTML-encoded writeup: On entering the lab we find an online blog: When performing a […]

DOM XSS in jQuery selector sink using a hashchange event

Description: This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery’s $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property. To solve the lab, deliver an exploit to the victim that calls the print() function in their browser. DOM XSS in jQuery selector sink using a hashchange event […]

DOM XSS in jQuery anchor href attribute sink using location.search source

Description: This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library’s $ selector function to find an anchor element, and changes its href attribute using data from location.search. To solve this lab, make the "back" link alert document.cookie. DOM XSS in jQuery anchor href attribute sink using location.search source writeup: On entering we will find a blog: We are going to […]

DOM XSS in innerHTML sink using source location.search

Description: This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search. To solve this lab, perform a cross-site scripting attack that calls the alert function. DOM XSS in document.write sink using source location.search writeup: On entering the lab we come across […]
