
Cross-site scripting (DOM-based)

Aly Yehia Nov 02, 2019 06:26PM UTC

Burp has created 3 different DOM XSS issues with this description with High Severity and Firm Confidence

The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to the 'html()' function of JQuery.

This is the static analysis:

Data is read from window.location.hash and passed to the 'html()' function of JQuery via the following statements:

var n=window.location.hash;
$("#player" ) .html('<img alt=...' + n+ '"/0.jpg"/...' )

I don't know if it's a false positive but the missing slash before the n makes it look vulnerable.

$("#player" ) .html('<img alt=...' + '/' + n+ '"/0.jpg"/...' ) --> with the slash it shouldn't be vulnerable

I'm trying to give n a new value such as var n="javascript:alert(document.domain)";
Where should I inject the new value of n?
But I don't understand how this can impact the website or be executed.

How can I exploit this?




Mike Eaton Nov 04, 2019 10:23AM UTC Support Center agent

Hi Aly, Our support service is here to provide technical advice with Burp Suite. Unfortunately, we can’t provide specific assistance with fixing individual issues in people’s apps, or providing information on how vulnerabilities can be exploited.

We would recommend that you fully read our information on DOM Based XSS in the Web Security Academy alongside other useful learning materials online such as the OWASP cheat sheet.
- https://portswigger.net/web-security/cross-site-scripting/dom-based
- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
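
Added example, not part of the thread and not Burp's or the application's own code: one way to close the reported flow from window.location.hash into jQuery's html() is to validate the fragment against an allowlist and build the image through DOM APIs instead of concatenated markup. The names ID_PATTERN, safeThumbnailPath and renderPlayer, the identifier format and the alt text are assumptions; the "#player" element and the "/0.jpg" suffix come from the snippet in the question.

```javascript
// Assumed format of a legitimate identifier: 1-32 URL-safe characters.
// Anything else (quotes, angle brackets, spaces, percent-encoding, colons)
// is rejected rather than cleaned up.
const ID_PATTERN = /^[A-Za-z0-9_-]{1,32}$/;

// Turn a raw fragment such as "#abc123" into a thumbnail path,
// or return null when the fragment is not a plain identifier.
// A fixed prefix such as "/" does not change how the HTML parser treats
// quotes or angle brackets in the value, so the check is on the value itself.
function safeThumbnailPath(rawHash) {
  if (typeof rawHash !== 'string') return null;
  const candidate = rawHash.startsWith('#') ? rawHash.slice(1) : rawHash;
  if (!ID_PATTERN.test(candidate)) return null;
  return '/' + candidate + '/0.jpg';
}

// Render the thumbnail into #player without an HTML-parsing sink.
// `doc` is the page's document object; attribute values set through
// setAttribute are never parsed as markup.
function renderPlayer(doc, rawHash) {
  const player = doc.getElementById('player');
  if (!player) return false;
  player.textContent = ''; // drop whatever was rendered before
  const path = safeThumbnailPath(rawHash);
  if (path === null) return false; // untrusted fragment: render nothing
  const img = doc.createElement('img');
  img.setAttribute('src', path);
  img.setAttribute('alt', 'thumbnail');
  player.appendChild(img);
  return true;
}

// In the browser this would be called as:
//   renderPlayer(document, window.location.hash);
```
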

