Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Dom Based XSS

luser Jun 10, 2019 07:04AM UTC

I got a notification from burp scanner as
The application may be vulnerable to DOM-based cross-site scripting. Data is read from document.URL and passed to the 'prepend()' function of JQuery via the following statement:
$("body:not(..." ) .prepend('<div clas...' + document.URL.substr(0 , document.URL.indexOf("?" ) ) + '> ...' )

but I don't understand how to exploit this ,help me out with this.
Thank you.


Liam Tai-Hogan Jun 10, 2019 12:37PM UTC Support Center agent

From the code snippet you’ve provided, this looks like it could be a valid issue.

You’ll need to submit your payload in to the query string.

It’s also worth noting that this exploit might only work using Edge or IE.


Post Your public answer

Your name
Your email address
Answer