[XSS] DOM XSS in document.write sink using source location.search inside a select element
Let's go to the site and begin testing for XSS.
So for a possible injection point, we're within the context of a JS script.
Since we're within the context of an HTML tag, let's look for an event handler that works on select.
This is the syntax and payload I crafted:
<select name="storeId" onselect="alert(1)">
So this worked:
My previous payload didn't work because of a syntax error.
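For the defensive side of the sink named in the title, here is an added example that is not part of the original write-up: the string a page would hand to `document.write` when it builds the select from the `storeId` query parameter, first concatenated as-is and then hardened. The store list and the function names are assumptions, and the markup is modelled as strings so the code runs outside a browser.

```javascript
// Added example: STORES and the function names are hypothetical.
const STORES = ["London", "Paris", "Milan"];

// Vulnerable shape: the query value is concatenated into the markup that
// would be passed to document.write, so any tags in it are parsed as HTML.
function renderSelectUnsafe(search) {
  const store = new URLSearchParams(search).get("storeId");
  let html = '<select name="storeId">';
  if (store) html += "<option selected>" + store + "</option>";
  for (const s of STORES) if (s !== store) html += "<option>" + s + "</option>";
  return html + "</select>";
}

// HTML-encode the characters that can change the parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened shape: the query value only selects among known stores and is
// never written into the markup itself; the known values are encoded too.
function renderSelectSafe(search) {
  const requested = new URLSearchParams(search).get("storeId");
  const store = STORES.includes(requested) ? requested : null;
  let html = '<select name="storeId">';
  for (const s of STORES) {
    html += (s === store ? "<option selected>" : "<option>") + escapeHtml(s) + "</option>";
  }
  return html + "</select>";
}

// Constructed input: the payload from the write-up, URL-encoded as a query string.
const SAMPLE = "?storeId=" + encodeURIComponent('<select name="storeId" onselect="alert(1)">');

console.log(renderSelectUnsafe(SAMPLE)); // handler attribute reaches the markup
console.log(renderSelectSafe(SAMPLE));   // unknown value is ignored
```

In a browser the same fix is usually written with `document.createElement` and `textContent` instead of `document.write`, which removes the HTML parsing step entirely.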