mm0@home:~$


[XSS] Lab: Reflected DOM XSS


Let's inject a canary and search for it within the inspect page of the web site. The canary I will use is ‘lb115’.


Let's also look at the Network tab in the inspect tool for all the requests being made.


Let's look at the contents of this response.


So it is JSON, and it is echoing our own search term. I could be wrong, but before we look at the code I think we might be able to exploit this if there is no sanitization applied.


So this searchResults.js takes our search term and places it into the search results object that we see in the JSON above; from there it uses a function to display our search term and results.

It basically parses the JSON object for the search term and echoes it into the web page with the line

 var searchTerm = searchResultsObj.searchTerm

So I think we can somehow escape the JSON string and inject some type of JavaScript function, since we're within the context of a script: the eval function is going to execute whatever is passed to it. There is no sanitization, so right now we're within a script context.

Let's try a payload with a JSON string of "-alert(1)


Tool I found for JSON escaping:

Free Online JSON Escape / Unescape Tool - FreeFormatter.com
