Lab: DOM XSS in
document.write sink using source
document.write function, which writes data out to the page. The
document.write function is called with data from
location.search, which you can control using the website URL.
To solve this lab, perform a cross-site scripting attack that calls the
- Enter a random alphanumeric string into the search box.
Right-click and inspect the element, and observe that your random string has been placed inside an
Break out of the
imgattribute by searching for: