Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Lab: DOM XSS in jQuery selector sink using a hashchange event

APPRENTICE

This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery's $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.

To solve the lab, deliver an exploit to the victim that calls the print() function in their browser.

ACCESS THE LAB

Solution

  1. Notice the vulnerable code on the home page using Burp or the browser's DevTools.
  2. From the lab banner, open the exploit server.

  3. In the Body section, add the following malicious iframe:

    <iframe src="https://YOUR-LAB-ID.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>
  4. Store the exploit, then click View exploit to confirm that the print() function is called.
  5. Go back to the exploit server and click Deliver to victim to solve the lab.

Community solutions

z3nsh3ll
Intigriti

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here

Try Burp Suite for Free

Find XSS vulnerabilities using Burp Suite

Try for free