Cross Site Scripting (XSS) — Lab 03

Abdul Wassay (aka HotPlugin)
2 min read · Jul 30, 2022


This lab covers basic DOM-based XSS. On starting the lab, we get the following page, which has a search field.

Searching for anything adds the input to the search parameter in the URL and also displays it on the page. This can also cause reflected XSS, but our goal is to exploit DOM-based XSS.

So, we look for the entered data in the page source using the browser's developer tools. We can see a new element that contains our input, and also a script that uses the document.write function.

The script contains a trackSearch function, which takes the query as its argument and writes an img element to the DOM with document.write. The next line extracts the search parameter from the current URL using window.location.search and passes it to trackSearch.

Here, we can break out of the img element and add a new element of our own.

So, using the following payload, we close the current img tag and then add a new img tag that calls the alert function if its source fails to load.

"><img src=x onerror=alert()>

Because the provided src, x, is not found, the alert function is called.

Here, we can see the effect of our payload: it writes another img tag to the DOM.
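
The pattern described above, as an added example that is not the lab's own code: it models the string that trackSearch hands to document.write, shows a hardened variant, and scans both outputs for the tags a browser would create. The tracker path and every name other than trackSearch are assumptions.

```javascript
// Added example; runs in Node by modelling the string handed to document.write.
// TRACKER_URL is an assumed path, not taken from the lab.
const TRACKER_URL = '/tracker.gif?searchTerms=';
// Payload quoted in the write-up above.
const PAYLOAD = '"><img src=x onerror=alert()>';

// Vulnerable pattern: the query is concatenated into the markup unchanged.
function trackSearchVulnerable(query) {
  return '<img src="' + TRACKER_URL + query + '">';
}

// Escape characters that can end an attribute value or open a tag.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: URL-encode for the query string, then escape for the attribute.
function trackSearchSafe(query) {
  return '<img src="' + escapeAttr(TRACKER_URL + encodeURIComponent(query)) + '">';
}

// Minimal scanner (not a full HTML parser): lists each tag and its on* attributes,
// treating '>' inside a quoted attribute value as data.
function parseTags(markup) {
  const tags = [];
  let i = 0;
  while ((i = markup.indexOf('<', i)) !== -1) {
    let j = i + 1, quote = null;
    while (j < markup.length && (quote || markup[j] !== '>')) {
      const c = markup[j];
      if (quote) { if (c === quote) quote = null; }
      else if (c === '"' || c === "'") quote = c;
      j++;
    }
    // Blank out quoted values so only attribute names are inspected.
    const body = markup.slice(i + 1, j).replace(/"[^"]*"|'[^']*'/g, '""');
    const name = (body.match(/^[a-zA-Z][^\s/>]*/) || [''])[0].toLowerCase();
    const handlers = (body.match(/\bon\w+(?==)/gi) || []).map((h) => h.toLowerCase());
    if (name) tags.push({ name, handlers });
    i = j + 1;
  }
  return tags;
}

function summarize(query) {
  return { vulnerable: parseTags(trackSearchVulnerable(query)), safe: parseTags(trackSearchSafe(query)) };
}
console.log(JSON.stringify(summarize(PAYLOAD), null, 2));
```

In a real page, the same fix is usually made by creating the element with document.createElement and assigning its src property, so the query never passes through an HTML parser at all.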
