Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

DOM-based XSS

Kingkong Dec 09, 2019 06:36AM UTC

Hi , I got the message like this :
The application may be vulnerable to DOM-based cross-site scripting. Data is read from location.hash and passed to $()

The response is :
var id = location.hash.replace('#', '');

$elem = $(
'[data-' + PLUGIN_NAME + '-id="' + id + '"]'
How can I exploit this ? Thanks so much

Ben Wright Dec 09, 2019 09:15AM UTC Support Center agent


Our support service is here to provide technical advice with Burp Suite. Unfortunately, we cannot provide specific assistance with exploiting individual vulnerabilities.

Post Your public answer

Your name
Your email address