Script to exploit DOM XSS in jQuery anchor href attribute sink using location.search source in the PortSwigger Web Security Lab
I recommend going through the lab manually first. You'll learn more that way.
Want a write-up? I have one here.
```bash
git clone https://github.com/pho3nix-writeups/wps-lab-dom-xss-in-jquery-anchor-href-attribute-sink-using-locationSearch-source-script.git && \
cd wps-lab-dom-xss-in-jquery-anchor-href-attribute-sink-using-locationSearch-source-script && \
pip install -r requirements.txt
```
What are you installing?
```
./exploit.py -h
usage: exploit.py [-h] [-u [url]] [-p [payload]]

This is a script to exploit DOM XSS in jQuery anchor href attribute sink using location.search source in the PortSwigger Web Security Lab.

options:
  -h, --help            show this help message and exit
  -u [url], --url [url]
                        your lab url, make sure to include the / at the end - example: ./exploit.py -u https://YOUR-LAB-ID.web-security-academy.net/
  -p [payload], --payload [payload]
                        your custom payload (optional) default: javascript:alert(document.domain)
```
The lab URL is required. The payload is optional.

```bash
exploit.py -u <your lab url> -p <your custom payload>
```

If you don't include a payload, `javascript:alert(document.domain)` will be used by default.
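Why the default payload works, and what the fix looks like on the page side: the sink named in the title takes whatever `location.search` carries and writes it into an anchor's `href`, so a `javascript:` URL becomes a clickable script. The snippet below is an added example written for this README, not code from the lab, from PortSwigger, or from `exploit.py`. It models that pattern with a hypothetical `unsafeReturnPath()` and puts a hardened `safeReturnPath()` next to it; the query parameter name `returnPath`, both function names and the sample inputs are assumptions. It runs under Node without a DOM.

```javascript
// Added example (not from the lab or the script). Models the pattern the title
// describes: a value from the query string assigned straight to an anchor href.
// The parameter name "returnPath" and the function names are assumptions.

// Unsafe: the raw query value is returned for the href sink. A value such as
// "javascript:alert(document.domain)" is handed to jQuery unchanged.
function unsafeReturnPath(search) {
  return new URLSearchParams(search).get('returnPath');
}

// Hardened: accept only a same-origin absolute path; anything else falls back
// to a safe default. This rejects javascript: and data: schemes, absolute URLs
// to other hosts, protocol-relative "//host" values and backslash variants.
function safeReturnPath(search, fallback = '/') {
  const value = new URLSearchParams(search).get('returnPath');
  if (value === null) return fallback;
  // Must start with exactly one "/" that is not followed by "/" or "\".
  if (!/^\/(?![\/\\])/.test(value)) return fallback;
  // No control characters or whitespace, which some parsers strip before a scheme.
  if (/[\u0000-\u001f\s]/.test(value)) return fallback;
  // Resolve against a placeholder origin and confirm the result stayed on it.
  let parsed;
  try {
    parsed = new URL(value, 'https://example.invalid');
  } catch {
    return fallback;
  }
  if (parsed.origin !== 'https://example.invalid') return fallback;
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed sample inputs, shaped like what a browser exposes as location.search.
const SAMPLES = [
  '?returnPath=/post?postId=1',
  '?returnPath=javascript:alert(document.domain)',
  '?returnPath=//attacker.example/',
  '?returnPath=https://attacker.example/',
  '?returnPath=/\\attacker.example',
  '',
];

// Runs both versions over the samples so the difference is visible side by side.
function compare() {
  return SAMPLES.map((s) => ({
    input: s,
    unsafe: unsafeReturnPath(s),
    safe: safeReturnPath(s),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(compare());
}
```

In a real page the hardened version is wired up the same way as the vulnerable one, with `safeReturnPath(location.search)` as the value passed to the anchor's `href`; the difference is that the string is validated as a same-origin path before it reaches the sink, so a `javascript:` payload is replaced by the fallback instead of being stored as a clickable link.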
Here's a link to the script portion of the write-up.
`exploit.py` requires a proxy (Burp Suite) listening on 127.0.0.1:8080. If a proxy isn't open, you'll get an error like the following.

If you have a different proxy setup, you can edit it in `exploit.py` here:

```python
proxies = {
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080'
}
```
The Web Security Academy labs will time out after a bit. If you get a `[!] HTTP status code of 504 returned, but 200 was expected. Exiting...` error, make sure to check your browser. You need to click on "Access the lab" to generate a new lab session.
Have some ideas? Feel free to create an issue.
Have fun.
Made with 💙 by Pho3nix