
Lab: DOM XSS in innerHTML sink using source location.search

This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search.

To solve this lab, perform a cross-site scripting attack that calls the alert function.
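The data flow described above, shown beside two hardened forms. This is an added example, not the lab's own code; the parameter name search, the element id in the closing comment and all function names are assumptions made for illustration.

```javascript
// Added example. Names are hypothetical; the lab's real source is not shown on this page.

// Source: extract the "search" parameter from a location.search-style string.
function getQuery(search) {
  return new URLSearchParams(search).get('search') || '';
}

// Vulnerable pattern: the source value reaches the innerHTML sink unchanged,
// so any markup in the query string is parsed by the browser as HTML.
function renderUnsafe(el, search) {
  el.innerHTML = getQuery(search);
}

// Hardened: textContent stores the value as plain text; nothing is parsed as markup.
function renderSafe(el, search) {
  el.textContent = getQuery(search);
}

// Fallback for cases where the value must sit inside an HTML string:
// encode the characters that are significant to the HTML parser.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderEscaped(el, search) {
  el.innerHTML = '<span>' + escapeHtml(getQuery(search)) + '</span>';
}

// Browser usage (element id is an assumption):
// renderSafe(document.getElementById('searchMessage'), window.location.search);
```

With a query containing benign markup such as bold tags, renderUnsafe produces a real element in the page, while renderSafe and renderEscaped display the tags as literal text.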
