|
|
===>>GO TO THE STORE<<===
п»їDOM XSS in jQuery selector sink using a hashchange event | Dec 29, 2022.
Welcome to my another writeup! In this Portswigger Labs lab, you’ll learn: DOM XSS in jQuery selector sink using a hashchange event! Without further ado, let’s dive in.
Overall difficulty for me (From 1-10 stars): в…в†в†в†в†в†в†в†в†в†
Background.
This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery’s $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.
To solve the lab, deliver an exploit to the victim that calls the print() function in their browser.
Exploitation.
Home page:
View source page:
src= "/resources/js/jquery_1-8-2.js" > src= "/resources/js/jqueryMigrate_1-4-1.js" > $ ( window ). on ( ' hashchange ' , function () var post = $ ( ' section.blog-list h2:contains( ' + decodeURIComponent ( window . location . hash . slice ( 1 )) + ' ) ' ); if ( post ) post . get ( 0 ). scrollIntoView (); >);
In here, we can see that it uses jQuery’s $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.
Now, since the location.hash is controlled by the user, we can try to exploit that.
To do so, we need to trigger the hashchange event handler without user interaction.
For example, we can use an :
src= "https://0af4007404af60e5c17e12d500bb0047.web-security-academy.net/#" onload= "this.src+=' '" >
In here, the iframe ’s src attribute points to the vulnerable page with an empty hash value. When the iframe is loaded, an XSS payload is appended to the hash, causing the hashchange event to fire.
Let’s use the exploit server to host the payload and deliver to the victim:
XSS-6 src= "https://0af4007404af60e5c17e12d500bb0047.web-security-academy.net/#" onload= "this.src+=' '" >
What we’ve learned:
DOM XSS in jQuery selector sink using a hashchange event.
buy medical weed online by zip
lm hash generator online
half ounce weed price uk
cannabis concentrates for sale
where to buy seaweed fresh
marijuana seeds for sale washington
where to buy thc o reddit
hash dabbers for sale
buy weed arlington va
age to buy delta 8 thc texas
melbourne cbd boutique shopping
marijuana anonymous montreal
ice cream cake strain seeds for sale
la mota growshop
can you buy marijuana in az now
buy marijuana online montana
bubble hash kits for sale
marijuana shop bangkok
medical marijuana stores in hemet california
street price for 1 gram of weed
northern lights 6kw generator price
weed market seattle
buy marijuana online 99
feminized weed seeds for sale usa
weed mat price mitre 10
talenti gelato price
denver co weed shop
weed seeds cheap
shisha price in dubai
farmers market sydney cbd
buy medical weed online reviews
cannabis oil buy
where to buy seaweed in hong kong
buy delta 8 moon rocks
buy medical weed online zdarma
buy marijuana online youtube
marijuana pipes for sale
medical marijuana sales arkansas
medical marijuana government website
marijuana anonymous las vegas
edibles online thc
average price for a pound of weed in canada
bhang lassi shop near me
redmax weed eaters for sale near me
weed themed sandwich shop
where to buy seaweed genshin
420 evaluations medical marijuana card online doctor (mmj)
buy marijuana online kindle
Optus shop locations melbourne cbd
Buy e shisha uk 1
Weed shop 2 apk for android
Ganja goddess store
Puma store sydney cbd 1
Best prices for medical marijuana near me
Loud weed seeds for sale
Buy double platinum blunt wraps online 1
Marijuana anonymous boulder
Buy medical weed online za
Medical marijuana shop tampa 1
|
|
发表于 2024-6-10 14:46:02