-
On the Submit feedback page, change the query parameter
returnPathto/followed by a random alphanumeric string. -
Right-click and inspect the element, and observe that your random string has been placed inside an a
hrefattribute. -
Change
returnPathto:javascript:alert(document.cookie)Hit enter and click "back".
Lab: DOM XSS in jQuery anchor href attribute sink using location.search source
This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search.
To solve this lab, make the "back" link alert document.cookie.
