mm0@home:~$

[XSS] Lab: DOM XSS in jQuery selector sink using a hashchange event


Using Firebug Lite, we can filter the view to show only the page's scripts.


For this challenge, we can see that the website uses the jQuery $() selector. Paired with location.hash and the hashchange event, that selector lets us supply script as input through the URL.

But to deliver our payload we need our exploit server…

So this is the payload:

<iframe src="https://0a53002903e232bd8295a61400390049.web-security-academy.net/#" onload="this.src+='<img src=1 onerror=window.print()>'">

NOTE: we can use window.print() or print()
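The fix for this class of bug, as an added example that is not part of the original write-up or the lab's own code: a hashchange handler that compares the fragment against heading text as plain data instead of concatenating it into $(). The selector section.blog-list h2, the function names and the sample headings are assumptions made for illustration.

```javascript
// Vulnerable shape (assumed, jQuery): the fragment is concatenated into $(),
// which can interpret a string containing markup as HTML to create:
//   $('h2:contains(' + decodeURIComponent(location.hash.slice(1)) + ')')

// Hardened: the fragment is only ever used as text to compare against.
function fragmentText(hash) {
  // Drop the leading '#', then decode. Malformed percent-encoding throws
  // URIError in decodeURIComponent; treat that as "no fragment".
  try {
    return decodeURIComponent(String(hash).replace(/^#/, ''));
  } catch (e) {
    return null;
  }
}

// headings: any iterable of objects with a textContent property
// (a NodeList in the browser, plain objects in a test).
function findHeading(headings, hash) {
  const wanted = fragmentText(hash);
  if (!wanted) return null; // empty or undecodable fragment
  for (const h of headings) {
    if (h.textContent.includes(wanted)) return h;
  }
  return null;
}

// Browser wiring; skipped when run outside a browser.
if (typeof window !== 'undefined') {
  window.addEventListener('hashchange', () => {
    // Static selector (hypothetical markup); no user input reaches it.
    const nodes = document.querySelectorAll('section.blog-list h2');
    const hit = findHeading(nodes, window.location.hash);
    if (hit) hit.scrollIntoView();
  });
}

// Constructed sample data standing in for the page's headings.
const sampleHeadings = [
  { textContent: 'Spider Web Security' },
  { textContent: 'The Cool Parent' },
];
```

With this handler the fragment from the payload above is just a string that matches no heading, so nothing is created or executed.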
