Burp Suite User Forum

Login to post

Cross-site scripting (DOM-based)

Aly | Last updated: Nov 02, 2019 06:26PM UTC

Burp has created 3 different DOM XSS issues with this description with High Severity and Firm Confidence The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to the 'html()' function of JQuery. This is the static analysis : Data is read from window.location.hash and passed to the 'html()' function of JQuery via the following statements: var n=window.location.hash; $("#player" ) .html('<img alt=...' + n+ '"/0.jpg"/...' ) I don't know if it's a false positive but the missing slash before the n makes it look vulnerable. $("#player" ) .html('<img alt=...' + '/' + n+ '"/0.jpg"/...' ) --> with the slash it shouldn't be vulnerable I'm trying to give a n a new value such as var n="javascript:alert(document.domain)"; where should I inject the new value of n But I don't understand how can this impact the website or be executed . How can I exploit this?

Mike, PortSwigger Agent | Last updated: Nov 04, 2019 10:16AM UTC

Hi Aly, Our support service is for here to provide technical advice with Burp Suite. Unfortunately, we can't provide specific assistance with fixing individual issues in people's apps, or providing information on how vulnerabilities can be exploited. We would recommend that you fully read our information on DOM Based XSS in the Web Security Academy alongside other useful learning materials online such as the OWASP cheat sheet. - https://portswigger.net/web-security/cross-site-scripting/dom-based - https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

You need to Log in to post a reply. Or register here, for free.