-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDOM_based_XSS
More file actions
16 lines (15 loc) · 843 Bytes
/
DOM_based_XSS
File metadata and controls
16 lines (15 loc) · 843 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
<select>
<script>
document.write("<OPTION value=1>"+document.location.href.substring
(document.location.href.indexOf("default=")+8)+"</OPTION>");
document.write("<OPTION value=2>English</OPTION>");
</script>
</select>
The page is invoked with a URL such as: http://www.some.site/page.html?default=French
A DOM Based XSS attack against this page can be accomplished by sending the following URL to
a victim: http://www.some.site/page.html?default=<script>alert(document.cookie)</script>
The original Javascript code in the page does not expect the default parameter to contain HTML
markup, and as such it simply echoes it into the page (DOM) at runtime. The browser then renders
the resulting page and executes the attacker’s script:
alert(document.cookie)
Now we've discussed all types of XSS , so lets talk about some advanced techniques.