Skip to content

Commit

Permalink
Update descriptions
Browse files Browse the repository at this point in the history
  • Loading branch information
@frank-leitner
frank-leitner committed Dec 10, 2022
1 parent aef6850 commit e60f6b3
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions ...pting_XSS/DOM_XSS_in_document.write_sink_using_source_location.search/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,13 @@ Python script: [script.py](script.py)

## Steps

The lab application is a blog website with search functionality. The search term is included on the result page.
The lab application is a blog website with search functionality. After performing a search, the search term is included on the result page.

A simple XSS attempt fails:

![simple_xss_attempt](img/simple_xss_attempt.png)

Looking at the page source, the search term displayed is properly encoded. However, it also shows that a javascript takes the search term out of the URL and writes it into an img-tag:
Looking at the page source, the search term displayed is properly encoded. However, it also shows that a javascript takes the search term out of the URL and writes it into an img-tag for some type of tracking:

![vulnerable_javascript](img/vulnerable_javascript.png)

Expand Down
6 changes: 3 additions & 3 deletions ..._scripting_XSS/DOM_XSS_in_innerHTML_sink_using_source_location.search/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,16 @@ Python script: [script.py](script.py)

## Steps

The lab application is a blog website with search functionality. The search term is included on the result page.
The lab application is a blog website with search functionality. After performing a search, the search term is included on the result page.

This is not performed on the server side, but by using client side JavaScript:
This is not performed on the server side, but by using client-side JavaScript:

![HTML](img/HTML.png)

If the `search` argument is provided, the `innerHTML` of a `span`-element is changed dynamically. Inserting JavaScript by using `foo<img src="xxx" onerror=alert(document.domain)>` as search parameter results in this HTML:

![malicious_html](img/malicious_html.png)

This will raise the JavaScript `alert` box confirming the XSS vulnerability and updates the lab to
During the rendering of the page, the image fails to load. This in turn will raise the JavaScript `alert` box confirming the XSS vulnerability and updates the lab to

![success](img/success.png)

0 comments on commit e60f6b3

Please sign in to comment.