Skip to content

This is a script to exploit DOM XSS in jQuery anchor href attribute sink using location.search source in the PortSwigger Web Security Lab.

Notifications You must be signed in to change notification settings

pho3nix-writeups/wps-lab-dom-xss-in-jquery-anchor-href-attribute-sink-using-locationSearch-source-script

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Script to exploit DOM XSS in jQuery anchor href attribute sink using location.search source in the PortSwigger Web Security Lab

I recommend going through the lab manually first. This will increase learning.
Want a write-up? I have one here.

Installation

Clone Repo & Install Dependencies

git clone https://github.com/pho3nix-writeups/wps-lab-dom-xss-in-jquery-anchor-href-attribute-sink-using-locationSearch-source-script.git && \
cd wps-lab-dom-xss-in-jquery-anchor-href-attribute-sink-using-locationSearch-source-script && \
pip install -r requirements.txt

clone

What are you installing?


Usage

Help Info

./exploit.py -h
usage: exploit.py [-h] [-u [url]] [-p [payload]]

This is a script to exploit DOM XSS in jQuery anchor href attribute sink using location.search source in the PortSwigger Web Security Lab.

options:
  -h, --help            show this help message and exit
  -u [url], --url [url]
                        your lab url, make sure to include the / at the end - example: ./exploit.py -u https://YOUR-LAB-ID.web-security-academy.net/
  -p [payload], --payload [payload]
                        your custom payload (optional) default: javascript:alert(document.domain)

Custom Payload

The lab url is required. There is an option to use a custom payload.

exploit.py -u <your lab url> -p <your custom payload>

If you don't include a payload javascript:alert(document.domain) will be used by default.

Example of Use

Here's a link to the script portion of the write-up.


Errors

Proxy Error

exploit.py requires a proxy (Burp Suite) open using 127.0.0.1:8080. If a proxy isn't open, you'll get an error like the following. burperror

If you have a different proxy setup, you can edit it in exploit.py here:

proxies = {
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080'
}

Timeout Error

The Web Security Academy labs will time out after a bit. If you get a [!] HTTP status code of 504 returned, but 200 was expected. Exiting... error, make sure to check your browser. You need to click on access the lab to generate a new lab session. error


Have some ideas? Feel free to create an issue.
Have fun.
Made with 💙 by Pho3nix

About

This is a script to exploit DOM XSS in jQuery anchor href attribute sink using location.search source in the PortSwigger Web Security Lab.

Topics

Resources

Stars

Watchers

Forks

Languages