Lab: DOM XSS in innerHTML sink using source location.search


This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search.

To solve this lab, perform a cross-site scripting attack that calls the alert function.
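The source-to-sink flow described above, next to two hardened forms, as an added example that is not the lab's own code. The query parameter name `search`, the function names, and the sample input are assumptions constructed for illustration; `el` stands for the div the page writes into.

```javascript
// Constructed sample: a query string carrying benign markup (<b>bold</b>), URL-encoded.
const SAMPLE_SEARCH = '?search=%3Cb%3Ebold%3C%2Fb%3E';

// Source: read the term from a location.search-style string.
// The parameter name "search" is an assumption; the page does not state it.
function getSearchTerm(search) {
  return new URLSearchParams(search).get('search') ?? '';
}

// Vulnerable pattern the lab describes: attacker-controlled text is
// assigned to innerHTML, so the browser parses it as markup.
function renderUnsafe(el, search) {
  el.innerHTML = getSearchTerm(search);
}

// Hardened form 1: textContent never invokes the HTML parser,
// so the term is always displayed as literal text.
function renderSafe(el, search) {
  el.textContent = getSearchTerm(search);
}

// Hardened form 2: when an HTML string must be built, escape the value.
// This escaping is for element content and quoted attribute values only.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderEscaped(el, search) {
  el.innerHTML = `<span>${escapeHtml(getSearchTerm(search))}</span>`;
}
```

In a browser, `el` is the real element and `search` is `location.search`; the functions take both as arguments so the same code can be exercised outside a browser with a plain object.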