DOM XSS

DOM based XSS - DVNA

Step 1: Let's Register a user on the application at http://192.168.31.112:9090/register. Enter the details and click submit. Intercept this request using Burp

Step 2: Modify the name parameter in the intercepted POST request's body to %3Cimg+src%3D%22a%22+onerror%3Dalert%28%27XSS1111%27%29%3E and turn the intercept off. A user will be created on the application

Step 3: Navigate to http://192.168.31.112:9090/app/admin/users. You'll see an alert on the page because the XSS payload injected through name is executed. The nameparameter is used to create a user profile and the user details are inserted into the vulnerable page by an XHR request that retrieves the user details

PreviousReflected XSS NextStored XSS - Mutillidae

Last updated 4 years ago