📕
Blog
  • 🐞Vulnerabilities & Techniques
    • Web Vulnerabilities
      • Open Redirect
      • HTTP Parameter Pollution (HPP)
      • Host Header Injection (HHI)
      • XSS
      • HTML-Injection
      • clickjacking
      • S3
      • EXternal Xml Entity (XXE)
      • XSS prevention | CSP
      • DOM-XSS
      • SQL Injection | SQLI
      • Response Manipulation Technique & How Burp Suite Works
    • API Vulnerabilities
      • Mass Assignment Vulnerability
  • 🚩CTF
    • ASCWG
  • ✍️Writeups
    • Read Writeups
      • REST API WriteUps
      • Web Vulnerabilities WriteUps
    • Technical Writeups
      • Reset Password Poisoning Via Host Header Injection Lead to (ATO)
      • OTP/2FA Bypasses
        • OTP bypasses
  • 😈TryHackMe
    • THM Advent of Cyber 3 (2021) NoSQL WriteUp
  • 🔱Web-CyberTalents
    • CyberTalents-Web-Easy
    • CyberTalents-Web-Medium
    • CyberTalents-Web-Hard
  • 🖇️Pentesting & Bug Hunting Tips
    • ATO Via Host Header Injection
    • OTP Bypass
    • OutLook Plugin Pentest Guide
  • 💻Port-Swigger Labs
    • XML external entity (XXE) injection
    • DOM-XSS
      • DOM XSS in the document.write sink using source location.search
      • Lab: DOM XSS in document.write sink using source location.search inside a select element
      • Lab: DOM XSS in innerHTML sink using source location.search
      • Lab: DOM XSS in jQuery anchor href attribute sink using location.search source
      • Lab: Reflected DOM XSS
      • Lab: Stored DOM XSS
    • SQL injection
      • Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
      • Lab: SQL injection vulnerability allowing login bypass
      • Lab: SQL injection UNION attack, determining the number of columns returned by the query
      • Lab: SQL injection UNION attack, finding a column containing text
      • Lab: SQL injection UNION attack, retrieving data from other tables
      • Lab: SQL injection UNION attack, retrieving multiple values in a single column
      • Lab: SQL injection attack, querying the database type and version on Oracle
      • Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
      • Lab: SQL injection attack, listing the database contents on non-Oracle databases
  • 🛜Wireless Networks Penetration Testing
  • ⚔️Wi-Fi Attacks
    • 🕸️Network Scanning attack
    • 🌊DOS / Flooding
      • 1️⃣DoS - Frame Flooding (Deauth, EAPOL, Beacons)
      • 2️⃣DoS- Exploiting Countermeasures (MIC failure)
    • Jamming Attacks (هجمات التشويش)
    • Probe Requests Attack
    • Handshake Attacks
      • Dictionary Attack
      • Clientless Attack
      • KRACK Attack
      • Downgrad Attack
    • Rouge AP Attack
  • Lab Notes
  • RFID and NFC
  • Bluetooth
  • ZigBee
  • Google Map Test
Powered by GitBook
On this page
  1. Port-Swigger Labs
  2. DOM-XSS

Lab: DOM XSS in jQuery anchor href attribute sink using location.search source

PreviousLab: DOM XSS in innerHTML sink using source location.searchNextLab: Reflected DOM XSS

Last updated 2 years ago

If a JavaScript library such as jQuery is being used, look out for sinks that can alter DOM elements on the page. For instance, the attr() function in jQuery can change attributes on DOM elements. If data is read from a user-controlled source like the URL and then passed to the attr() function, then it may be possible to manipulate the value sent to cause XSS.

$(function(){
$('#backLink').attr("href",(new URLSearchParams(window.location.search)).get('returnUrl'));
});

💻
Lab: DOM XSS in jQuery anchor href attribute sink using location.search source