Saturday 18 May 2013

PentesterLab - Web For Pentester - XSS Example 9


This example is a DOM-based XSS. This page could actually be completely static
and still be vulnerable.

In this example, you need to read the page's source to understand what is
happening. When the page is rendered, its JavaScript reads the current URL,
extracts the anchor portion (the part after #) and writes it into the page
dynamically, on the client side. This can be used to trigger an XSS by supplying
the payload as part of the URL.

Payload
http://192.168.56.101/xss/example9.php#Bobby%3Cscript%3Ealert%28%27Dazzler%27%29%3C/script%3E
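As an added example (not PentesterLab's code; the actual JavaScript of example9.php is not reproduced on this page), the following models the sink described above, a fixed version that inserts the fragment as text rather than HTML, and a regression check over the rendered markup. It assumes the lab page decodes the fragment before writing it and that the sink is a plain document.write-style HTML insertion; the function names and the welcome markup are invented for illustration. One point worth keeping in mind when hunting for this bug class: the fragment is never sent in the HTTP request, so server logs and server-side filters do not see it, and both detection and the fix have to live in the client-side code.

```javascript
// Added illustrative example, not PentesterLab's code. The vulnerable shape of
// example9.php is assumed from the description above (fragment -> HTML sink).

// Minimal HTML escaper used by the fixed renderer.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Extract the fragment (text after '#') from a URL and percent-decode it,
// which is what the lab page is assumed to do before writing it.
function fragmentOf(url) {
  const u = new URL(url);
  return decodeURIComponent(u.hash.replace(/^#/, ""));
}

// Assumed vulnerable sink: the decoded fragment is concatenated into HTML,
// so any markup it contains becomes part of the document.
function renderVulnerable(fragment) {
  return "<p>Welcome " + fragment + "</p>";
}

// Fixed sink: the fragment is escaped first, so markup is displayed, not parsed.
// In a real page, setting element.textContent instead of using document.write
// achieves the same thing without a hand-written escaper.
function renderSafe(fragment) {
  return "<p>Welcome " + escapeHtml(fragment) + "</p>";
}

// Regression check for the fix: does the rendered markup contain a script
// element that the URL fragment introduced?
function introducesScript(html) {
  return /<script\b/i.test(html);
}

// Constructed input: the payload URL from the post, used as the test vector.
const constructedUrl =
  "http://192.168.56.101/xss/example9.php#Bobby%3Cscript%3Ealert%28%27Dazzler%27%29%3C/script%3E";

// Browser only: render the current page's fragment with the fixed sink.
// Under Node there is no document, so this branch is skipped.
if (typeof document !== "undefined" && typeof location !== "undefined") {
  document.body.innerHTML = renderSafe(fragmentOf(location.href));
}
```

Running the block under Node shows the contrast directly: renderVulnerable(fragmentOf(constructedUrl)) contains a live script element, while renderSafe(...) contains only the escaped text &lt;script&gt;.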

