Summary

  • PortSwigger labs offer practical exercises for learning about vulnerabilities and penetration testing. RayofHope has been posting solutions to these labs daily to provide an easy reference for those interested in learning more about penetration testing.
  • The solution provided today covers a DOM XSS vulnerability stemming from the lack of sanitisation of the returnPath parameter used in the href attribute of the backlink element.
  • This is a classic example of a DOM XSS attack, where an attacker injects malicious code through the alteration of the webpage’s DOM, which is then executed upon a user’s interaction with the infected element.
  • In this case, the vulnerability is exploited by crafting a link that executes malicious JavaScript when the element is clicked. This script is then reflected in the DOM as part of the href attribute.
  • This is yet another classic example of how the lack of proper sanitisation and validation of user-sourced input can lead to significant security vulnerabilities that can be exploited by malicious actors.
  • These kinds of vulnerabilities are particularly dangerous when the compromised website is a trusted source and the victim is a loyal user.
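
One way to validate returnPath before it reaches the href attribute, shown beside the unsanitised pattern the summary describes. This is an added example, not code from the original article or the lab; the function names, SITE_ORIGIN and the sample query strings are assumptions constructed for illustration.

```javascript
// Hypothetical names throughout; SITE_ORIGIN is an assumed value for the site.
const SITE_ORIGIN = "https://shop.example";
const FALLBACK = "/";

// Flawed pattern: the query value goes into href unchanged, so any URL
// scheme the browser understands is accepted.
function unsafeBackLinkHref(locationSearch) {
  return new URLSearchParams(locationSearch).get("returnPath");
}

// Hardened form: accept only a site-relative path that still resolves to
// our own origin over http(s); everything else falls back to "/".
function safeReturnPath(raw, origin = SITE_ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Control characters are stripped by URL parsers and backslashes are
  // treated as slashes, so both are rejected before parsing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Exactly one leading slash: "//host" is a scheme-relative URL.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return FALLBACK;
  }
  if (url.origin !== origin) return FALLBACK;
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK;
  // Rebuild from parsed parts so the href is the normalised form.
  return url.pathname + url.search + url.hash;
}

function safeBackLinkHref(locationSearch) {
  return safeReturnPath(new URLSearchParams(locationSearch).get("returnPath"));
}

// Constructed sample inputs, run through both versions for comparison.
const samples = [
  "?returnPath=/post?postId=3",
  "?returnPath=javascript:alert(1)",
  "?returnPath=//other.example/x",
  "?returnPath=/%5Cother.example",
  "",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "unsafe:", unsafeBackLinkHref(s), "safe:", safeBackLinkHref(s));
}
```

In the page itself the returned value is what gets assigned to the link's href; a Content-Security-Policy without 'unsafe-inline' is a second layer that stops javascript: URLs from running even if validation is bypassed.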

By RayofHope

Original Article