Solving Portswigger Academy: DOM XSS in document.write sink using source location.search

Vishal
2 min read · Oct 2, 2024

This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.search, which you can control using the website URL.

To solve this lab, perform a cross-site scripting attack that calls the alert function.

I am going to use DOM Invader to solve this lab. Install the DOM Invader plugin in your browser.

Let’s access the lab, which has a search functionality. In the browser, where you can see your other plugins, you will see the Invader plugin. I have updated the canary to ‘abcd12345’.

Now type the above canary in the search field. Then right-click and select Inspect, then click on DOM Invader.

Now click on Stack Trace and then on Console. You will see the lines below with a link.

When you click on the above link, a source will open which shows you the sink, i.e. document.write().

Now go back to the Invader tab in the Inspect window and click on Exploit.

And you will see an alert box pop up.

Lab solved.
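
The source-to-sink flow this lab exercises (location.search flowing into document.write), shown as an added example beside a hardened form. This is not the lab's own code: the function names, the /tracker.gif path and the sample input are constructed for illustration, and the functions return the string that would be passed to document.write so the comparison runs in Node without a browser.

```javascript
// Constructed example: models a search-tracking snippet without a browser DOM.
// Each function returns the markup a page would hand to document.write().

// Read the "search" parameter the way page script would from location.search.
function getQuery(search) {
  return new URLSearchParams(search).get('search') || '';
}

// Vulnerable pattern: URL-controlled text concatenated straight into markup.
function trackingMarkupUnsafe(search) {
  const query = getQuery(search);
  return '<img src="/tracker.gif?searchTerms=' + query + '">';
}

// Escape characters that are significant inside an HTML attribute value.
function escapeAttr(value) {
  return value.replace(/[&"'<>]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Hardened pattern: encode for the URL context first, then for the attribute
// context, so the value cannot close the attribute or start a new tag.
function trackingMarkupSafe(search) {
  const query = getQuery(search);
  return '<img src="/tracker.gif?searchTerms=' +
    escapeAttr(encodeURIComponent(query)) + '">';
}

// Number of tag openings in the markup; more than one means the input
// escaped the attribute it was meant to stay inside.
function tagCount(markup) {
  return (markup.match(/</g) || []).length;
}

// Constructed probe: the canary followed by characters that end the attribute.
const probe = '?search=' + encodeURIComponent('abcd12345"><i>x</i>');

console.log(trackingMarkupUnsafe(probe), tagCount(trackingMarkupUnsafe(probe)));
console.log(trackingMarkupSafe(probe), tagCount(trackingMarkupSafe(probe)));
```

In a real page the more robust fix is to drop document.write and build the element with document.createElement and setAttribute, so the value is never parsed as markup at all.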
