Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

DOM XSS - How to actually inject the source ?

Iordache | Last updated: Mar 19, 2019 08:16PM UTC

Hello, so, I am struggeling to understand something and I cannot find an answer. If anybody could help me I would be very appreciative. A dynamic analysis of a JS code rendered this Data is read from input.value and passed to element.innerHTML. The source element has id [ID_HERE] and name [NAME_HERE]. The following value was injected into the source: [SOME_OTHER_VALUE_HERE] The previous value reached the sink as: <yacjxnqfk6/\> The stack trace at the source was: /* stack trace */ The stack trace at the sink was: /* stack trace */ The XSS was triggered by a DOMContentLoaded event. So, the analysis is correct, if I inject somehow the payload inside the source element, it can be exploited. But how can I actually inject it ?? It is not like I can pass the value in a GET / POST parameter so I can modify anything. And also, what is with the value in the [SOME_OTHER_VALUE_HERE] ? Is this a false positive because I cannot actually modify the generated source or am I something missing ?

PortSwigger Agent | Last updated: Mar 20, 2019 12:46PM UTC

Hi Lordache Burp dynamic analysis knows that the dom object value is being used to write HTML. We flag these issues because if you can find a way to change it's value e.g. hidden get parameter then it would be DOM XSS. Even if there isn't a controllable parameter it's still useful information because it could be potential DOM XSS if the application is changed in future. Kind regards Gareth

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.